[Qemu-devel] [PATCH] qcow2-refcount: Catch array overflow
From: Max Reitz
Subject: [Qemu-devel] [PATCH] qcow2-refcount: Catch array overflow
Date: Fri, 20 Sep 2013 12:14:44 +0200
Add an assertion to alloc_refcount_block which catches an array index
being out of bounds; this may occur if cluster_index is much too high
(exceeding the image size). This in turn can be caused for instance by
snapshotting a corrupted image (i.e., corrupted L2 tables).
Signed-off-by: Max Reitz <address@hidden>
---
block/qcow2-refcount.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 4264148..80da2ff 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -341,6 +341,7 @@ static int alloc_refcount_block(BlockDriverState *bs,
/* Fill the new refcount table */
memcpy(new_table, s->refcount_table,
s->refcount_table_size * sizeof(uint64_t));
+ assert(refcount_table_index < table_size);
new_table[refcount_table_index] = new_block;
int i;
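Review bot: The assert(refcount_table_index < table_size) placed just before the write to new_table[refcount_table_index] guards a condition that, per the commit message, can be reached from a corrupted image, so it depends on on-disk data rather than on an internal invariant. An assertion turns that case into a process abort, and it is compiled out when the build defines NDEBUG, which leaves the out-of-bounds write in place. Since alloc_refcount_block returns int, consider an explicit if (refcount_table_index >= table_size) check that fails the call with a negative errno instead, placed before the memcpy so the index is validated before new_table is written at all. A short comment naming the corrupted L2 table case at the check would document why it is there.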
--
1.8.3.1