[Qemu-devel] [PATCH 3/4] qcow2: Sanitize refcount table size
From: Max Reitz
Subject: [Qemu-devel] [PATCH 3/4] qcow2: Sanitize refcount table size
Date: Sun, 17 Nov 2013 15:18:43 +0100
Make sure there were no overflows when calculating the in-memory
refcount table size from the number of its clusters in-file.
Signed-off-by: Max Reitz <address@hidden>
---
block/qcow2.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/block/qcow2.c b/block/qcow2.c
index 3e612a8..9c29e1a 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -558,6 +558,14 @@ static int qcow2_open(BlockDriverState *bs, QDict
*options, int flags,
s->refcount_table_size =
header.refcount_table_clusters << (s->cluster_bits - 3);
+ if ((s->refcount_table_size >> (s->cluster_bits - 3)) !=
+ header.refcount_table_clusters)
+ {
+ error_setg(errp, "Refcount table is too big");
+ ret = -EINVAL;
+ goto fail;
+ }
+
/* read the level 1 table */
s->l1_size = header.l1_size;
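Review bot: The added if, which shifts s->refcount_table_size back right and compares it with header.refcount_table_clusters, detects only bits lost in the left shift; it sets no upper bound, so a header value that just fits still yields a very large table size that later code has to cope with. Consider rejecting header.refcount_table_clusters above an explicit maximum before the shift is performed. That also avoids depending on the round trip if refcount_table_size is a signed type (its declaration is not visible in this hunk), where a result reaching the sign bit would make the right shift implementation-defined. Style: the opening brace sits on its own line after the two-line condition, while QEMU's coding style puts it on the same line as the condition's closing parenthesis. The error message could also report the offending cluster count to help diagnose a corrupt image.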
--
1.8.4.2