[Qemu-devel] [PATCH 13/14] qcow2: Fix qemu-img check segfault on corrupt
From: Kevin Wolf
Subject: [Qemu-devel] [PATCH 13/14] qcow2: Fix qemu-img check segfault on corrupted images
Date: Tue, 22 Jun 2010 16:09:32 +0200
With corrupted images, we can easily get a cluster index that exceeds the
array size of the temporary refcount table.
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow2-refcount.c | 14 +++++++++++---
1 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index c2d0e61..cedf57e 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -1140,22 +1140,30 @@ int qcow2_check_refcounts(BlockDriverState *bs)
s->refcount_table_offset,
s->refcount_table_size * sizeof(uint64_t));
for(i = 0; i < s->refcount_table_size; i++) {
- int64_t offset;
+ uint64_t offset, cluster;
offset = s->refcount_table[i];
+ cluster = offset >> s->cluster_bits;
/* Refcount blocks are cluster aligned */
if (offset & (s->cluster_size - 1)) {
fprintf(stderr, "ERROR refcount block %d is not "
"cluster aligned; refcount table entry corrupted\n", i);
errors++;
+ continue;
+ }
+
+ if (cluster >= nb_clusters) {
+ fprintf(stderr, "ERROR refcount block %d is outside image\n", i);
+ errors++;
+ continue;
}
if (offset != 0) {
errors += inc_refcounts(bs, refcount_table, nb_clusters,
offset, s->cluster_size);
- if (refcount_table[offset / s->cluster_size] != 1) {
+ if (refcount_table[cluster] != 1) {
fprintf(stderr, "ERROR refcount block %d refcount=%d\n",
- i, refcount_table[offset / s->cluster_size]);
+ i, refcount_table[cluster]);
}
}
}
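Review bot: the `if (refcount_table[cluster] != 1)` branch at the end of the loop prints an ERROR line but never does `errors++`, unlike the alignment branch and the new "outside image" branch, so a refcount block with a wrong refcount is reported on stderr without being counted in the check result. Since the patch already touches these lines, add `errors++;` there. Separately, the new `cluster >= nb_clusters` guard only covers the whole refcount block because the alignment branch now ends in `continue` and the length passed to `inc_refcounts()` is exactly `s->cluster_size`; a short comment stating that dependency would keep a later reordering from reopening the out-of-bounds index. The "outside image" message would also be easier to act on if it printed the offending `offset` alongside the table index.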
--
1.6.6.1