[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 02/16] block: Limit size to INT_MAX in bdrv_check_byt
From: |
Kevin Wolf |
Subject: |
[Qemu-devel] [PULL 02/16] block: Limit size to INT_MAX in bdrv_check_byte_request() |
Date: |
Wed, 23 Apr 2014 12:04:37 +0200 |
Commit 8f4754ed intended to protect against integer overflow bugs in
block drivers by making sure that a single request that is passed to
drivers is no longer than INT_MAX bytes.
However, meanwhile there are some callers that don't use that code path
any more but call bdrv_check_byte_request() directy, so let's add a
check there as well.
Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Max Reitz <address@hidden>
---
block.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/block.c b/block.c
index 3b7951e..5a0b421 100644
--- a/block.c
+++ b/block.c
@@ -2581,6 +2581,10 @@ static int bdrv_check_byte_request(BlockDriverState *bs,
int64_t offset,
{
int64_t len;
+ if (size > INT_MAX) {
+ return -EIO;
+ }
+
if (!bdrv_is_inserted(bs))
return -ENOMEDIUM;
--
1.8.3.1
- [Qemu-devel] [PULL 00/16] Block patches, Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 03/16] block: Catch integer overflow in bdrv_rw_co(), Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 04/16] block: Check bdrv_getlength() return value in bdrv_make_zero(), Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 05/16] vmdk: Fix %d and %lld to PRI* in format strings, Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 02/16] block: Limit size to INT_MAX in bdrv_check_byte_request(),
Kevin Wolf <=
- [Qemu-devel] [PULL 01/16] block: Fix nb_sectors check in bdrv_check_byte_request(), Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 07/16] curl: Replaced old error handling with error reporting API., Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 11/16] qemu-img: Avoid duplicate block device IDs, Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 13/16] qemu-iotests: Check common namespace for id and node-name, Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 10/16] block: Add errp to bdrv_new(), Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 12/16] block: Catch duplicate IDs in bdrv_new(), Kevin Wolf, 2014/04/23
- [Qemu-devel] [PULL 14/16] qemu-img: Improve error messages, Kevin Wolf, 2014/04/23