migration: fix potential overflow in multifd send

I would guess it won't happen normally, but this should ease Coverity. >>> CID 1394385: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "pages->used * 8192U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). 854 transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len; Fixes: CID 1394385 CC: Juan Quintela <quintela@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180720034713.11711-1-peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
author: Peter Xu <peterx@redhat.com> 2018-07-20 11:47:13 +0800
committer: Dr. David Alan Gilbert <dgilbert@redhat.com> 2018-07-24 16:58:51 +0100
commit: 4fcefd44a074008e490ff54c3c28a08b8dbfb14b (patch)
tree: 48117842c76a8dc97978d8dbba58ea9dd1e3cbb4 /migration
parent: 3bae150448dbd888a480f892ebbf01caec0d8329 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/migration/ram.c b/migration/ram.c
index 52dd678092..fdd108475c 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -851,7 +851,7 @@ static void multifd_send_pages(void)
     p->pages->block = NULL;
     multifd_send_state->pages = p->pages;
     p->pages = pages;
-    transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len;
+    transferred = ((uint64_t) pages->used) * TARGET_PAGE_SIZE + p->packet_len;
     ram_counters.multifd_bytes += transferred;
     ram_counters.transferred += transferred;;
     qemu_mutex_unlock(&p->mutex);
author	Peter Xu <peterx@redhat.com>	2018-07-20 11:47:13 +0800
committer	Dr. David Alan Gilbert <dgilbert@redhat.com>	2018-07-24 16:58:51 +0100
commit	4fcefd44a074008e490ff54c3c28a08b8dbfb14b (patch)
tree	48117842c76a8dc97978d8dbba58ea9dd1e3cbb4 /migration
parent	3bae150448dbd888a480f892ebbf01caec0d8329 (diff)