qemu-devel

[Qemu-devel] [PATCH] qcow2-refcount: Catch array overflow


From: Max Reitz
Subject: [Qemu-devel] [PATCH] qcow2-refcount: Catch array overflow
Date: Fri, 20 Sep 2013 12:14:44 +0200

Add an assertion to alloc_refcount_block which catches an array index
being out of bounds; this may occur if cluster_index is much too high
(exceeding the image size). This in turn can be caused for instance by
snapshotting a corrupted image (i.e., corrupted L2 tables).

Signed-off-by: Max Reitz <address@hidden>
---
 block/qcow2-refcount.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 4264148..80da2ff 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -341,6 +341,7 @@ static int alloc_refcount_block(BlockDriverState *bs,
     /* Fill the new refcount table */
     memcpy(new_table, s->refcount_table,
         s->refcount_table_size * sizeof(uint64_t));
+    assert(refcount_table_index < table_size);
     new_table[refcount_table_index] = new_block;
 
     int i;
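Review bot: the assert(refcount_table_index < table_size) placed just before the new_table[refcount_table_index] store makes a condition that depends on image contents abort the whole process. The commit message says the index can go out of range when snapshotting a corrupted image (corrupted L2 tables), so this is reachable from on-disk data rather than only from a programming error. Since alloc_refcount_block returns int, consider returning a negative errno at this point instead, ideally ahead of the memcpy so that the oversized cluster_index is rejected before the new table is filled. An assert is also compiled out when NDEBUG is defined, which would leave the out-of-bounds write in place in such a build. A one-line comment naming the corrupted-image case would tell the next reader why the bound is checked here.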
-- 
1.8.3.1



