From 00f2f13eb9579e79209039e44162f2f82646f910 Mon Sep 17 00:00:00 2001
From: xiaoyuliang
Date: Mon, 20 Oct 2025 14:43:13 +0800
Subject: [PATCH] block/qcow2-cluster.c: Fix integer left shift error in qcow2_alloc_cluster_link_l2()

This patch came from commit 348fcc4 and was adapted:
https://github.com/qemu/qemu/commit/348fcc4f7ace1718006e646078d88c8cd8c1d97e

When calculating the offset, the result of the left shift operation will be promoted to type int64 automatically because the left operand of the + operator is uint64_t. But the result after integer promotion may produce an erroneous value for us and trigger the following assertion error.

For example, consider i=0x2000, cluster_bits=18: the result of the left shift operation will be 0x80000000. Because argument i is of signed integer type, the result is automatically promoted to 0xffffffff80000000, which is not what we expected.

The way to trigger the assertion error:

qemu-img create -f qcow2 -o preallocation=full,cluster_size=256k tmpdisk 10G

This patch fixes it by casting @i to uint64_t before doing the left shift operation.

Signed-off-by: Guoyi Tu
Reviewed-by: Eric Blake
Reviewed-by: Kevin Wolf
Reviewed-by: Alberto Garcia
Message-id: 81ba90fe0c014f269621c283269b42ad@h3c.com
Signed-off-by: Peter Maydell
---
 block/qcow2-cluster.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index f8576031b6..d68b912c0a 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -994,7 +994,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m) } l2_slice[l2_index + i] = cpu_to_be64((cluster_offset + - (i << s->cluster_bits)) | QCOW_OFLAG_COPIED); + ((uint64_t)i << s->cluster_bits)) | QCOW_OFLAG_COPIED); }
-- 
Gitee
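Review bot: The `(uint64_t)i` cast on the `+` line is the right fix, but the commit message describes the mechanism loosely: with `i` a signed int (it is also used as the array index in `l2_slice[l2_index + i]`), the shift `i << s->cluster_bits` is evaluated in `int` before any conversion, so once it reaches 0x80000000 (i=0x2000, cluster_bits=18, as the message says) it overflows a signed int, which is undefined behaviour in C; the sign-extension to 0xffffffff80000000 is merely what the compiler happens to emit, not a "promotion to int64". It would be clearer to say that the cast makes the shift happen in unsigned 64-bit arithmetic, where it is well defined for cluster sizes qcow2 allows. Since the trigger command `qemu-img create -f qcow2 -o preallocation=full,cluster_size=256k tmpdisk 10G` is already in the message, adding it as a qemu-iotests case would catch a regression automatically.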