|
| From: | Eric Blake |
| Subject: | Re: [Qemu-devel] [PATCH 8/8] qcow2: Read outside array bounds in qcow2_pre_write_overlap_check() |
| Date: | Thu, 30 Aug 2018 13:43:23 -0500 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
On 08/30/2018 10:47 AM, Liam Merwick wrote:
The commit for 0e4e4318eaa5 increments QCOW2_OL_MAX_BITNR but does not
add an array entry for QCOW2_OL_BITMAP_DIRECTORY_BITNR to metadata_ol_names[].
As a result, an array dereference of metadata_ol_names[8] in
qcow2_pre_write_overlap_check() could result in a read outside of the array
bounds.
Fixes: 0e4e4318eaa5 ('qcow2: add overlap check for bitmap directory')
Cc: Vladimir Sementsov-Ogievskiy <address@hidden>
Signed-off-by: Liam Merwick <address@hidden>
Reviewed-by: Darren Kenny <address@hidden>
Reviewed-by: Mark Kanda <address@hidden>
---
block/qcow2-refcount.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
The fix looks correct, but to prevent the problem from happening again, I'd suggest you also add a compile-time BUG_ON that fails if the array size gets out of sync again due to another addition of another overlap detection bit.
-- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
| [Prev in Thread] | Current Thread | [Next in Thread] |