Commit 851495571d for qemu.org

commit 851495571d14fe2226c52b9d423f88a4f5460836
Author: Peter Maydell <peter.maydell@linaro.org>
Date:   Tue Jul 23 16:09:27 2024 +0100

    util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params()

    aio_context_set_thread_pool_params() takes two int64_t arguments to
    set the minimum and maximum number of threads in the pool.  We do
    some bounds checking on these, but we don't catch the case where the
    inputs are negative.  This means that later in the function when we
    assign these inputs to the AioContext::thread_pool_min and
    ::thread_pool_max fields, which are of type int, the values might
    overflow the smaller type.

    A negative number of threads is meaningless, so make
    aio_context_set_thread_pool_params() return an error if either min or
    max are negative.

    Resolves: Coverity CID 1547605
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Message-id: 20240723150927.1396456-1-peter.maydell@linaro.org
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

diff --git a/util/async.c b/util/async.c
index 0467890052..3e3e4fc712 100644
--- a/util/async.c
+++ b/util/async.c
@@ -746,7 +746,7 @@ void aio_context_set_thread_pool_params(AioContext *ctx, int64_t min,
                                         int64_t max, Error **errp)
 {

-    if (min > max || !max || min > INT_MAX || max > INT_MAX) {
+    if (min > max || max <= 0 || min < 0 || min > INT_MAX || max > INT_MAX) {
         error_setg(errp, "bad thread-pool-min/thread-pool-max values");
         return;
     }
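Review bot: The `error_setg()` message under the new condition is still the generic "bad thread-pool-min/thread-pool-max values" for every rejected case, so a caller who passes a negative value cannot tell that apart from min > max or a value above INT_MAX. Consider having the message state the accepted range (0 <= min <= max, 1 <= max <= INT_MAX). In the condition itself, `min > INT_MAX` is already implied by `min > max || max > INT_MAX`, so it could be dropped, although keeping it does make each bound explicit next to the new `min < 0` test. The diff touches only util/async.c; a test that passes negative min and max and expects the error would pin down the new behaviour.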