From: Kevin Wolf
Subject: [Qemu-devel] [PULL 18/30] qcow2: Assert against currently impossible overflow
Date: Fri, 27 Sep 2013 17:39:18 +0200
From: Max Reitz <address@hidden>
If qcow2_alloc_cluster_link_l2 is called with a QCowL2Meta describing a
request crossing L2 boundaries, a buffer overflow will occur. This is
impossible right now since such requests are never generated (every
request is shortened to L2 boundaries before) and probably also
completely unintended (considering the name "QCowL2Meta"), however, it
is still worth an assertion.
Signed-off-by: Max Reitz <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow2-cluster.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 738ff73..cab5f2e 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -716,6 +716,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs,
QCowL2Meta *m)
}
qcow2_cache_entry_mark_dirty(s->l2_table_cache, l2_table);
+ assert(l2_index + m->nb_clusters <= s->l2_size);
for (i = 0; i < m->nb_clusters; i++) {
/* if two concurrent writes happen to the same unallocated cluster
* each write allocates separate cluster and writes data concurrently.
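Review bot: the added assert(l2_index + m->nb_clusters <= s->l2_size) has no comment, so the reason the bound holds is only recorded in the commit message. A one-line comment above it stating the invariant (a QCowL2Meta never crosses an L2 table boundary because requests are shortened beforehand) would keep that reasoning next to the loop it protects. Note also that assert() guards the loop over m->nb_clusters only in builds where assertions are enabled; since the function returns int, an explicit check that returns an error would still hold if assertions are compiled out.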
--
1.8.1.4