qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 15/61] qcow2: Assert against snapshot name/ID overflo


From: Kevin Wolf
Subject: [Qemu-devel] [PULL 15/61] qcow2: Assert against snapshot name/ID overflow
Date: Fri, 11 Oct 2013 17:05:05 +0200

From: Max Reitz <address@hidden>

qcow2_write_snapshots relies on the length of every snapshot ID and name
fitting into an unsigned 16 bit integer. This is currently ensured by
QEMU through generally only allowing 128 byte IDs and 256 byte names.
However, if this should change in the future, the length written to the
image file should not be silently truncated (though the name itself
would be written completely).

Since this is currently not an issue but might require attention due to
internal QEMU changes in the future, an assert ensuring sanity is enough
for now.

Signed-off-by: Max Reitz <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
 block/qcow2-snapshot.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index f6f3e64..812dab2 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -221,6 +221,7 @@ static int qcow2_write_snapshots(BlockDriverState *bs)
 
         id_str_size = strlen(sn->id_str);
         name_size = strlen(sn->name);
+        assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX);
         h.id_str_size = cpu_to_be16(id_str_size);
         h.name_size = cpu_to_be16(name_size);
         offset = align_offset(offset, 8);
-- 
1.8.1.4




reply via email to

[Prev in Thread] Current Thread [Next in Thread]