[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH for-2.0 27/47] qcow2: Avoid integer overflow in get_
From: |
Stefan Hajnoczi |
Subject: |
[Qemu-devel] [PATCH for-2.0 27/47] qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) |
Date: |
Wed, 26 Mar 2014 13:05:49 +0100 |
From: Kevin Wolf <address@hidden>
This ensures that the checks catch all invalid cluster indexes
instead of returning the refcount of a wrong cluster.
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow2-refcount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 220b322..561d659 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -89,7 +89,7 @@ static int load_refcount_block(BlockDriverState *bs,
static int get_refcount(BlockDriverState *bs, int64_t cluster_index)
{
BDRVQcowState *s = bs->opaque;
- int refcount_table_index, block_index;
+ uint64_t refcount_table_index, block_index;
int64_t refcount_block_offset;
int ret;
uint16_t *refcount_block;
--
1.8.5.3
- Re: [Qemu-devel] [PATCH for-2.0 21/47] qcow2: Check refcount table size (CVE-2014-0144), (continued)
- [Qemu-devel] [PATCH for-2.0 23/47] qcow2: Validate snapshot table offset/size (CVE-2014-0144), Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 25/47] qcow2: Fix backing file name length check, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 24/47] qcow2: Validate active L1 table offset and size (CVE-2014-0144), Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 26/47] qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147), Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 27/47] qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143),
Stefan Hajnoczi <=
- [Qemu-devel] [PATCH for-2.0 28/47] qcow2: Check new refcount table size on growth, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 29/47] qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 30/47] qcow2: Protect against some integer overflows in bdrv_check, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 32/47] dmg: coding style and indentation cleanup, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 31/47] qcow2: Fix new L1 table size check (CVE-2014-0143), Stefan Hajnoczi, 2014/03/26