[Qemu-devel] [PATCH 1/6] qcow2: Avoid overflow in alloc_clusters_noref()
From: Max Reitz
Subject: [Qemu-devel] [PATCH 1/6] qcow2: Avoid overflow in alloc_clusters_noref()
Date: Tue, 29 Apr 2014 19:03:11 +0200

alloc_clusters_noref() stores the cluster index in a uint64_t. However,
offsets are often represented as int64_t (as for example the return
value of alloc_clusters_noref() itself demonstrates). Therefore, we
should make sure all offsets in the allocated range of clusters are
representable using int64_t without overflows.
Signed-off-by: Max Reitz <address@hidden>
---
block/qcow2-refcount.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index a37ee45..e6fc30e 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -653,6 +653,13 @@ retry:
goto retry;
}
}
+
+ /* Make sure that all offsets in the "allocated" range are representable
+ * in an int64_t */
+ if (s->free_cluster_index - 1 > (INT64_MAX >> s->cluster_bits)) {
+ return -E2BIG;
+ }
+
#ifdef DEBUG_ALLOC2
fprintf(stderr, "alloc_clusters: size=%" PRId64 " -> %" PRId64 "\n",
size,
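Review bot: The bound in the added `if` still admits `s->free_cluster_index - 1 == INT64_MAX >> s->cluster_bits`. For that last cluster every byte offset fits in an int64_t, but the exclusive end of the range (start offset plus cluster size) is INT64_MAX + 1, so a caller that computes offset + size in int64_t can still overflow. Consider using `>=` here, or say in the comment that only inclusive offsets are covered. Separately, the commit message says the cluster index is a uint64_t, so `s->free_cluster_index - 1` wraps if the index is ever 0 at this point and the function then returns -E2BIG; a short comment stating why the index is nonzero after the retry loop would make that safe to read. The error path returns without touching `s->free_cluster_index`, so it would also help to document whether a later call is expected to fail the same way.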
--
1.9.2