qcow2: Fix overly broad madvise()
commit08546bcfb260c28141e27cf3367c443528602fc0
authorMax Reitz <mreitz@redhat.com>
Tue, 14 Nov 2017 18:41:27 +0000 (14 19:41 +0100)
committerMax Reitz <mreitz@redhat.com>
Fri, 17 Nov 2017 17:21:31 +0000 (17 18:21 +0100)
treef3279d9709f81852b0fabe176b18e7ee708b0ceb
parent4efb1f7c612ff35badc8f8cbda78ac891fabf20a
qcow2: Fix overly broad madvise()

@mem_size and @offset are both size_t, thus subtracting them from one
another will just return a big size_t if mem_size < offset -- even more
obvious here because the result is stored in another size_t.

Checking that result to be positive is therefore not sufficient to
exclude the case that offset > mem_size.  Thus, we currently sometimes
issue an madvise() over a very large address range.

This is triggered by iotest 163, but with -m64, this does not result in
tangible problems.  But with -m32, this test produces three segfaults,
all of which are fixed by this patch.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20171114184127.24238-1-mreitz@redhat.com
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
block/qcow2-cache.c