From: Laszlo Ersek
Subject: Re: [Qemu-devel] [Bug 865518] Re: qemu segfaults when writing to very large qcow2 disk
Date: Mon, 13 May 2013 09:11:46 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130329 Thunderbird/17.0.5
On 05/11/13 10:16, Richard Jones wrote:
> Still happening in upstream qemu from git:
>
> Program terminated with signal 11, Segmentation fault.
> #0 0x00007f4f86c721a0 in get_cluster_table (address@hidden,
> address@hidden,
> address@hidden,
> address@hidden)
> at block/qcow2-cluster.c:525
> 525 l2_offset = s->l1_table[l1_index] & L1E_OFFSET_MASK;
Supposing that line 517 doesn't overflow "l1_index" for starters (which
is a uint32_t in practice), line 519 converts "l1_index + 1" to "signed
int". If the "min_size" parameter of qcow2_grow_l1_table() is negative,
then the function won't do anything.
Laszlo
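The narrowing that the reply describes, as an added example that is not QEMU code and not from this thread: a large L1 index has 1 added to it, the result is converted to signed int, the grower is handed a non-positive request and does nothing, and the later table access lands past the end. The helper names (min_size_truncated, grow_l1_table_sim, lookup_l2_offset, min_size_checked) and the tiny simulated table are all assumptions of this example; the real qcow2 L1/L2 geometry is not reproduced.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <limits.h>

/* The conversion the message points at: l1_index is uint32_t, so
 * l1_index + 1 is unsigned arithmetic, and the result is then narrowed
 * to signed int. For indices >= 0x7FFFFFFF the value becomes negative
 * (or wraps to 0 at 0xFFFFFFFF). The out-of-range conversion is
 * implementation-defined in C; this mirrors the usual two's-complement
 * behaviour of gcc/clang. */
int min_size_truncated(uint32_t l1_index)
{
    return (int)(l1_index + 1);
}

/* Hypothetical stand-in for an L1 grower: a request that is not larger
 * than the current size is treated as "nothing to do", which is exactly
 * what a negative min_size triggers. Returns the resulting table size. */
int grow_l1_table_sim(int current_size, int min_size)
{
    if (min_size <= current_size) {
        return current_size;            /* silently a no-op */
    }
    return min_size;
}

/* Checked alternative (constructed for this example): refuse an index
 * whose min_size would not be representable instead of narrowing it. */
bool min_size_checked(uint32_t l1_index, int *out)
{
    if (l1_index >= (uint32_t)INT_MAX) {
        return false;                   /* l1_index + 1 would not fit in int */
    }
    *out = (int)(l1_index + 1);
    return true;
}

/* Bounds-checked read of the L1 entry. The crash in the thread is the
 * unchecked form of this read: s->l1_table[l1_index] with l1_index
 * beyond the table that was never grown. Returns false instead of
 * reading out of bounds. */
bool lookup_l2_offset(const uint64_t *l1_table, int l1_size,
                      uint32_t l1_index, uint64_t *l2_offset)
{
    if (l1_table == NULL || l1_size <= 0 || l1_index >= (uint32_t)l1_size) {
        return false;
    }
    *l2_offset = l1_table[l1_index];
    return true;
}

/* Constructed two-entry table used by the walk-through below. */
static const uint64_t sample_l1_table[2] = { 0x10000, 0x20000 };

/* Full scenario: try to make the table cover l1_index the way the
 * truncating path would, then check whether the read is in bounds.
 * Returns true only if the entry could be read safely. */
bool write_path_sim(uint32_t l1_index, uint64_t *l2_offset)
{
    int min_size = min_size_truncated(l1_index);
    int new_size = grow_l1_table_sim(2, min_size);
    /* The simulated table never actually grows, so only indices that
     * fit the original two entries can be read. */
    if (new_size != 2) {
        return false;                   /* growth would have been needed */
    }
    return lookup_l2_offset(sample_l1_table, new_size, l1_index, l2_offset);
}
```

With l1_index = 0x7FFFFFFF, min_size_truncated() yields INT_MIN, the grower returns the old size unchanged, and the only thing standing between that and the reported segfault is the bounds check in lookup_l2_offset(); min_size_checked() shows the request being rejected before any conversion happens.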