Message ID | 1395835569-21193-14-git-send-email-stefanha@redhat.com |
---|---|
State | New |
Headers | show |
On 26.03.2014 13:05, Stefan Hajnoczi wrote: > From: Kevin Wolf <kwolf@redhat.com> > > 32 bit truncation could let us access the wrong offset in the image. > > Signed-off-by: Kevin Wolf <kwolf@redhat.com> > Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > block/bochs.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) Reviewed-by: Max Reitz <mreitz@redhat.com>
diff --git a/block/bochs.c b/block/bochs.c index a922782..826ec12 100644 --- a/block/bochs.c +++ b/block/bochs.c @@ -186,8 +186,9 @@ static int64_t seek_to_sector(BlockDriverState *bs, int64_t sector_num) return -1; /* not allocated */ } - bitmap_offset = s->data_offset + (512 * s->catalog_bitmap[extent_index] * - (s->extent_blocks + s->bitmap_blocks)); + bitmap_offset = s->data_offset + + (512 * (uint64_t) s->catalog_bitmap[extent_index] * + (s->extent_blocks + s->bitmap_blocks)); /* read in bitmap for current extent */ if (bdrv_pread(bs->file, bitmap_offset + (extent_offset / 8),