qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 1/3] qcow2: Fix header extension size check

From: Max Reitz
Subject: Re: [Qemu-devel] [PATCH v2 1/3] qcow2: Fix header extension size check
Date: Tue, 25 Nov 2014 18:22:52 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 
On 2014-11-25 at 18:12, Kevin Wolf wrote:

After reading the extension header, offset is incremented, but not
checked against end_offset any more. This way an integer overflow could
happen when checking whether the extension end is within the allowed
range, effectively disabling the check.

This patch adds the missing check and a test case for it.

Cc: address@hidden
Reported-by: Max Reitz <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
  block/qcow2.c              | 2 +-
  tests/qemu-iotests/080     | 2 ++
  tests/qemu-iotests/080.out | 2 ++
  3 files changed, 5 insertions(+), 1 deletion(-)


Reviewed-by: Max Reitz <address@hidden>
Using g_try_malloc0() might have been nice anyway, but it should work without, now (although it should have worked before as well...).
reply via email to
[Prev in Thread] Current Thread [Next in Thread]