[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH for-2.0 31/47] qcow2: Fix new L1 table size check (C
From: |
Stefan Hajnoczi |
Subject: |
[Qemu-devel] [PATCH for-2.0 31/47] qcow2: Fix new L1 table size check (CVE-2014-0143) |
Date: |
Wed, 26 Mar 2014 13:05:53 +0100 |
From: Kevin Wolf <address@hidden>
The size in bytes is assigned to an int later, so check that instead of
the number of entries.
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow2-cluster.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 9499df9..242e1f8 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -55,7 +55,7 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t
min_size,
}
}
- if (new_l1_size > INT_MAX) {
+ if (new_l1_size > INT_MAX / sizeof(uint64_t)) {
return -EFBIG;
}
--
1.8.5.3
- [Qemu-devel] [PATCH for-2.0 27/47] qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143), (continued)
- [Qemu-devel] [PATCH for-2.0 27/47] qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143), Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 28/47] qcow2: Check new refcount table size on growth, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 29/47] qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 30/47] qcow2: Protect against some integer overflows in bdrv_check, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 32/47] dmg: coding style and indentation cleanup, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 31/47] qcow2: Fix new L1 table size check (CVE-2014-0143),
Stefan Hajnoczi <=
- [Qemu-devel] [PATCH for-2.0 33/47] dmg: prevent out-of-bounds array access on terminator, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 34/47] dmg: drop broken bdrv_pread() loop, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 35/47] dmg: use appropriate types when reading chunks, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 37/47] dmg: use uint64_t consistently for sectors and lengths, Stefan Hajnoczi, 2014/03/26
- [Qemu-devel] [PATCH for-2.0 36/47] dmg: sanitize chunk length and sectorcount (CVE-2014-0145), Stefan Hajnoczi, 2014/03/26