[Qemu-devel] [PATCH] qcow2.c: Check if backing file name length is valid
From: Deepak Kathayat
Subject: [Qemu-devel] [PATCH] qcow2.c: Check if backing file name length is valid
Date: Wed, 19 Mar 2014 16:19:33 +0800
Signed-off-by: Deepak Kathayat <address@hidden>
---
The len variable is a signed integer whereas the backing file name
length in the image header is unsigned. Therefore, it may
overflow. Furthermore, backing file name length cannot be
zero. These two cases must be handled explicitly.
block/qcow2.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/block/qcow2.c b/block/qcow2.c
index 945c9d6..7b6f65c 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -625,6 +625,11 @@ static int qcow2_open(BlockDriverState *bs, QDict
*options, int flags,
/* read the backing file name */
if (header.backing_file_offset != 0) {
len = header.backing_file_size;
+ if (len <= 0) {
+ error_setg(errp, "Invalid backing file name length: %d", len);
+ ret = -EINVAL;
+ goto fail;
+ }
if (len > 1023) {
len = 1023;
}
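Review bot: the new `if (len <= 0)` test runs only after `len = header.backing_file_size;` has narrowed the unsigned header field into a signed int, so it depends on large values wrapping negative, and the `%d` in the error message then reports the wrapped value rather than what the image header actually contained. Consider validating `header.backing_file_size` itself before the assignment and printing it with an unsigned format. The unchanged `if (len > 1023) { len = 1023; }` below still silently truncates over-long names instead of failing; if the intent is to reject invalid lengths, that case would be more consistent as an `-EINVAL` as well.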
--
1.7.9.5