qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 2/4] qcow2-refcount: Sanitize refcount table size


From: Max Reitz
Subject: [Qemu-devel] [PATCH 2/4] qcow2-refcount: Sanitize refcount table size
Date: Sun, 17 Nov 2013 15:18:42 +0100

Make sure the refcount table size will not overflow when multiplied by
sizeof(uint64_t) and implicitly casted to int.

Signed-off-by: Max Reitz <address@hidden>
---
 block/qcow2-refcount.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 1ff43d0..2912097 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -42,6 +42,10 @@ int qcow2_refcount_init(BlockDriverState *bs)
     BDRVQcowState *s = bs->opaque;
     int ret, refcount_table_size2, i;
 
+    if (s->refcount_table_size >= INT_MAX / sizeof(uint64_t)) {
+        goto fail;
+    }
+
     refcount_table_size2 = s->refcount_table_size * sizeof(uint64_t);
     s->refcount_table = g_malloc(refcount_table_size2);
     if (s->refcount_table_size > 0) {
-- 
1.8.4.2




reply via email to

[Prev in Thread] Current Thread [Next in Thread]