libxc: Avoid overflow in xc_domain_dumpcore_via_callback().

nr_pages*PAGE_SIZE can overflow a 32-bit long.
From: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: Keir Fraser <keir@xensource.com>
xen-unstable changeset:   16111:c19c51317eebe8e852dd4ad90ca19880397fa3b4
xen-unstable date:        Mon Oct 15 12:20:43 2007 +0100

diff --git a/tools/libxc/xc_core.c b/tools/libxc/xc_core.c
index 3c7afbe0ce6241c7a33d05ccf650dcc0512f7de7..d0f0b822af12072d962f448cbefc79d8ae601e7e 100644 (file)
--- a/tools/libxc/xc_core.c
+++ b/tools/libxc/xc_core.c
@@ -580,7 +580,7 @@ xc_domain_dumpcore_via_callback(int xc_handle,
     }
     if ( !auto_translated_physmap )
     {
-        filesz = nr_pages * sizeof(p2m_array[0]);
+        filesz = (uint64_t)nr_pages * sizeof(p2m_array[0]);
         sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_P2M,
                                SHT_PROGBITS,
                                offset, filesz, __alignof__(p2m_array[0]),
@@ -590,7 +590,7 @@ xc_domain_dumpcore_via_callback(int xc_handle,
     }
     else
     {
-        filesz = nr_pages * sizeof(pfn_array[0]);
+        filesz = (uint64_t)nr_pages * sizeof(pfn_array[0]);
         sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PFN,
                                SHT_PROGBITS,
                                offset, filesz, __alignof__(pfn_array[0]),
@@ -620,7 +620,7 @@ xc_domain_dumpcore_via_callback(int xc_handle,
     dummy_len = ROUNDUP(offset, PAGE_SHIFT) - offset; /* padding length */
     offset += dummy_len;
 
-    filesz = nr_pages * PAGE_SIZE;
+    filesz = (uint64_t)nr_pages * PAGE_SIZE;
     sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PAGES, SHT_PROGBITS,
                            offset, filesz, PAGE_SIZE, PAGE_SIZE);
     if ( sts != 0 )