migration: fix-possible-int-overflow

stat64_add() takes uint64_t as 2nd argument, but both "p->next_packet_size" and "p->packet_len" are uint32_t. Thus, theyr sum may overflow uint32_t. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Frolov <frolov@swemel.ru> Link: https://lore.kernel.org/r/20241113140509.325732-2-frolov@swemel.ru Signed-off-by: Peter Xu <peterx@redhat.com>
author: Dmitry Frolov <frolov@swemel.ru> 2024-11-13 17:05:01 +0300
committer: Peter Xu <peterx@redhat.com> 2024-11-13 13:02:46 -0500
commit: 0926c002c7c71749a781de13f28b0481e029d323 (patch)
tree: d72866324b384398ec9265c318ca77702c0e6d3e
parent: 4daff81efb381d1138832648511218a646f8092e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/migration/multifd.c b/migration/multifd.c
index 4374e14a96..498e71fd10 100644
--- a/migration/multifd.c
+++ b/migration/multifd.c
@@ -623,7 +623,7 @@ static void *multifd_send_thread(void *opaque)
             }
 
             stat64_add(&mig_stats.multifd_bytes,
-                       p->next_packet_size + p->packet_len);
+                       (uint64_t)p->next_packet_size + p->packet_len);
 
             p->next_packet_size = 0;
             multifd_set_payload_type(p->data, MULTIFD_PAYLOAD_NONE);
author	Dmitry Frolov <frolov@swemel.ru>	2024-11-13 17:05:01 +0300
committer	Peter Xu <peterx@redhat.com>	2024-11-13 13:02:46 -0500
commit	0926c002c7c71749a781de13f28b0481e029d323 (patch)
tree	d72866324b384398ec9265c318ca77702c0e6d3e
parent	4daff81efb381d1138832648511218a646f8092e (diff)