
[Qemu-devel] [PATCH 3/4] qcow2: Sanitize refcount table size


From: Max Reitz
Subject: [Qemu-devel] [PATCH 3/4] qcow2: Sanitize refcount table size
Date: Sun, 17 Nov 2013 15:18:43 +0100

Make sure there were no overflows when calculating the in-memory
refcount table size from the number of its clusters in-file.

Signed-off-by: Max Reitz <address@hidden>
---
 block/qcow2.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/block/qcow2.c b/block/qcow2.c
index 3e612a8..9c29e1a 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -558,6 +558,14 @@ static int qcow2_open(BlockDriverState *bs, QDict 
*options, int flags,
     s->refcount_table_size =
         header.refcount_table_clusters << (s->cluster_bits - 3);
 
+    if ((s->refcount_table_size >> (s->cluster_bits - 3)) !=
+        header.refcount_table_clusters)
+    {
+        error_setg(errp, "Refcount table is too big");
+        ret = -EINVAL;
+        goto fail;
+    }
+
     /* read the level 1 table */
     s->l1_size = header.l1_size;
 
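Review bot: The condition `(s->refcount_table_size >> (s->cluster_bits - 3)) != header.refcount_table_clusters` only detects bits lost by the shift after the fact. It places no upper bound on the table size, so a header value that does not wrap still passes, even though the message reads "Refcount table is too big". Consider comparing header.refcount_table_clusters against an explicit limit before the shift. That would also avoid depending on the already-shifted result, whose behaviour depends on the field types, which are not visible in this hunk. The shift count `s->cluster_bits - 3` additionally assumes cluster_bits has been validated earlier in qcow2_open; a short comment saying so would help. Style: QEMU convention puts the opening brace on the line that ends the condition, i.e. `header.refcount_table_clusters) {`.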
-- 
1.8.4.2



