[Qemu-stable] [PATCH 34/56] qcow2: Avoid making the L1 table too big
From: Michael Roth
Subject: [Qemu-stable] [PATCH 34/56] qcow2: Avoid making the L1 table too big
Date: Mon, 8 Aug 2016 16:04:05 -0500

From: Max Reitz <address@hidden>

We refuse to open images whose L1 table we deem "too big". Consequently,
we should not produce such images ourselves.

Cc: address@hidden
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Reviewed-by: Eric Blake <address@hidden>
[mreitz: Added QEMU_BUILD_BUG_ON()]
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit 84c26520d3c1c9ff4a10455748139463278816d5)
Signed-off-by: Michael Roth <address@hidden>
---
block/qcow2-cluster.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 31ecc10..22bdb47 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -64,7 +64,8 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t
min_size,
}
}
- if (new_l1_size > INT_MAX / sizeof(uint64_t)) {
+ QEMU_BUILD_BUG_ON(QCOW_MAX_L1_SIZE > INT_MAX);
+ if (new_l1_size > QCOW_MAX_L1_SIZE / sizeof(uint64_t)) {
return -EFBIG;
}
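
Review bot: The new bound in the `if` compares `new_l1_size`, an entry count, against `QCOW_MAX_L1_SIZE / sizeof(uint64_t)`, which implies that QCOW_MAX_L1_SIZE is a byte limit, but nothing at this site says so. A short comment above the check stating the units, and that this is the same limit the commit message says is applied when opening an image, would help keep the create and open paths from drifting apart. The `QEMU_BUILD_BUG_ON(QCOW_MAX_L1_SIZE > INT_MAX);` line would also benefit from a comment noting that it preserves the guarantee of the old `INT_MAX / sizeof(uint64_t)` bound. The diffstat touches only block/qcow2-cluster.c, so consider adding a test that tries to grow the L1 table past the limit and expects -EFBIG.
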
--
1.9.1