[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v2] qcow2: Reject too large header extensions
From: |
Kevin Wolf |
Subject: |
[Qemu-devel] [PATCH v2] qcow2: Reject too large header extensions |
Date: |
Tue, 28 Feb 2012 11:26:15 +0100 |
Image files that make qemu-img info read several gigabytes into the
unknown header extensions list are bad. Just fail opening the image
if an extension claims to be larger than the header extension area.
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow2.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/block/qcow2.c b/block/qcow2.c
index f68f0e1..eb5ea48 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -108,6 +108,11 @@ static int qcow2_read_extensions(BlockDriverState *bs,
uint64_t start_offset,
#ifdef DEBUG_EXT
printf("ext.magic = 0x%x\n", ext.magic);
#endif
+ if (ext.len > end_offset - offset) {
+ error_report("Header extension too large");
+ return -EINVAL;
+ }
+
switch (ext.magic) {
case QCOW2_EXT_MAGIC_END:
return 0;
--
1.7.6.5
- [Qemu-devel] [PATCH v2] qcow2: Reject too large header extensions,
Kevin Wolf <=