From: Kevin Wolf Date: Mon, 14 Apr 2014 12:48:16 +0000 (+0200) Subject: block: Limit size to INT_MAX in bdrv_check_byte_request() X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=1dd3a44753f10970ded50950d28353c00bfcaf91;p=qemu.git block: Limit size to INT_MAX in bdrv_check_byte_request() Commit 8f4754ed intended to protect against integer overflow bugs in block drivers by making sure that a single request that is passed to drivers is no longer than INT_MAX bytes. However, meanwhile there are some callers that don't use that code path any more but call bdrv_check_byte_request() directy, so let's add a check there as well. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz --- diff --git a/block.c b/block.c index 3b7951eb4f..5a0b421655 100644 --- a/block.c +++ b/block.c @@ -2581,6 +2581,10 @@ static int bdrv_check_byte_request(BlockDriverState *bs, int64_t offset, { int64_t len; + if (size > INT_MAX) { + return -EIO; + } + if (!bdrv_is_inserted(bs)) return -ENOMEDIUM;