From eecbccc4d9d70b2fd63681a2b3ced6a6aafe81bb Mon Sep 17 00:00:00 2001
From: Dylan Reid <dgreid@chromium.org>
Date: Fri, 28 Jun 2019 15:19:43 +1000
Subject: qcow: Avoid overflow when taking ceiling of division

The extra % operation will be slower, but none of these divisions are in
hot paths. They are only used during setup. Many of these operations
take untrusted input from the disk file, so need to be hardened.

BUG=979458
TEST=unit tests still pass

Signed-off-by: Dylan Reid <dgreid@chromium.org>
Change-Id: I0e93c73b345faf643da53ea41bde3349d756bdc7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1679891
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
---
 qcow/src/qcow.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/qcow/src/qcow.rs b/qcow/src/qcow.rs
index 7528773..ceaf130 100644
--- a/qcow/src/qcow.rs
+++ b/qcow/src/qcow.rs
@@ -1554,12 +1554,12 @@ fn offset_is_cluster_boundary(offset: u64, cluster_bits: u32) -> Result<()> {
 
 // Ceiling of the division of `dividend`/`divisor`.
 fn div_round_up_u64(dividend: u64, divisor: u64) -> u64 {
-    (dividend + divisor - 1) / divisor
+    dividend / divisor + if dividend % divisor != 0 { 1 } else { 0 }
 }
 
 // Ceiling of the division of `dividend`/`divisor`.
 fn div_round_up_u32(dividend: u32, divisor: u32) -> u32 {
-    (dividend + divisor - 1) / divisor
+    dividend / divisor + if dividend % divisor != 0 { 1 } else { 0 }
 }
 
 fn convert_copy<R, W>(reader: &mut R, writer: &mut W, offset: u64, size: u64) -> Result<()>
-- 
cgit 1.4.1