diff options
| author | Peter Xu | 2018-07-20 05:47:13 +0200 |
|---|---|---|
| committer | Dr. David Alan Gilbert | 2018-07-24 17:58:51 +0200 |
| commit | 4fcefd44a074008e490ff54c3c28a08b8dbfb14b (patch) | |
| tree | 48117842c76a8dc97978d8dbba58ea9dd1e3cbb4 | |
| parent | Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ... (diff) | |
| download | qemu-4fcefd44a074008e490ff54c3c28a08b8dbfb14b.tar.gz qemu-4fcefd44a074008e490ff54c3c28a08b8dbfb14b.tar.xz qemu-4fcefd44a074008e490ff54c3c28a08b8dbfb14b.zip | |
migration: fix potential overflow in multifd send
I would guess it won't happen normally, but this should ease Coverity.
>>> CID 1394385: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "pages->used * 8192U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
854 transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len;
Fixes: CID 1394385
CC: Juan Quintela <quintela@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180720034713.11711-1-peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
| -rw-r--r-- | migration/ram.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/migration/ram.c b/migration/ram.c index 52dd678092..fdd108475c 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -851,7 +851,7 @@ static void multifd_send_pages(void) p->pages->block = NULL; multifd_send_state->pages = p->pages; p->pages = pages; - transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len; + transferred = ((uint64_t) pages->used) * TARGET_PAGE_SIZE + p->packet_len; ram_counters.multifd_bytes += transferred; ram_counters.transferred += transferred;; qemu_mutex_unlock(&p->mutex); |