diff options
author | Max Reitz <mreitz@redhat.com> | 2015-02-25 13:08:23 -0500 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2015-03-18 12:06:56 +0100 |
commit | ac97393dc7c4761af6104fb8fca5f600899f687b (patch) | |
tree | 497deb6c95c1679c72881c34683515c038b5e3d5 | |
parent | 70d4739ef200760d8cac3355d05b4252f2f37fec (diff) |
nbd: Fix potential signed overflow issues
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-11-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-rw-r--r-- | include/block/nbd.h | 4 | ||||
-rw-r--r-- | qemu-nbd.c | 5 |
2 files changed, 5 insertions, 4 deletions
diff --git a/include/block/nbd.h b/include/block/nbd.h index 2c20138588..53726e82e9 100644 --- a/include/block/nbd.h +++ b/include/block/nbd.h @@ -54,8 +54,8 @@ struct nbd_reply { /* Reply types. */ #define NBD_REP_ACK (1) /* Data sending finished. */ #define NBD_REP_SERVER (2) /* Export description. */ -#define NBD_REP_ERR_UNSUP ((1 << 31) | 1) /* Unknown option. */ -#define NBD_REP_ERR_INVALID ((1 << 31) | 3) /* Invalid length. */ +#define NBD_REP_ERR_UNSUP ((UINT32_C(1) << 31) | 1) /* Unknown option. */ +#define NBD_REP_ERR_INVALID ((UINT32_C(1) << 31) | 3) /* Invalid length. */ #define NBD_CMD_MASK_COMMAND 0x0000ffff #define NBD_CMD_FLAG_FUA (1 << 16) diff --git a/qemu-nbd.c b/qemu-nbd.c index 0c9e807a1a..a4a9a0cf37 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -142,8 +142,9 @@ static void read_partition(uint8_t *p, struct partition_record *r) r->end_head = p[5]; r->end_cylinder = p[7] | ((p[6] << 2) & 0x300); r->end_sector = p[6] & 0x3f; - r->start_sector_abs = p[8] | p[9] << 8 | p[10] << 16 | p[11] << 24; - r->nb_sectors_abs = p[12] | p[13] << 8 | p[14] << 16 | p[15] << 24; + + r->start_sector_abs = le32_to_cpup((uint32_t *)(p + 8)); + r->nb_sectors_abs = le32_to_cpup((uint32_t *)(p + 12)); } static int find_partition(BlockBackend *blk, int partition, |