Re: [Qemu-block] [PATCH v3 4/4] qcow2: Avoid memory over-allocation on compressed images
Thu, 22 Feb 2018 13:02:44 -0600
On 02/22/2018 10:23 AM, Alberto Garcia wrote:
On Thu 22 Feb 2018 04:59:22 PM CET, Eric Blake wrote:
sector_offset = coffset & 511;
csize = nb_csectors * 512 - sector_offset;
+ assert(csize < 2 * s->cluster_size);
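Review bot: the bound in `+ assert(csize < 2 * s->cluster_size);` is off by one: when sector_offset is 0 and nb_csectors holds its maximum value, csize is exactly 2 * s->cluster_size, so a valid externally produced image would trip the assertion; it should read `assert(csize <= 2 * s->cluster_size);`.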
I think it should be <=
If sector_offset is 0 and nb_csectors is the maximum allowed value then
csize is exactly 2 * s->cluster_size bytes.
Sigh, yes you're right. I was thinking that "qemu sets csize to a
maximum of s->cluster_size, but only when sector_offset is not 0" - but
as long as we're dealing with externally-produced images, sector_offset
can be 0 at the same time as providing all 1s to the field. So I did
indeed have an off-by-one.
Perhaps the maintainer can fix it up, instead of me spinning a v4?
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
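An added example, not code from the patch or from QEMU, that decodes a qcow2 compressed-cluster descriptor the way the quoted lines do and shows why the bound must be "<=": with the sector-count field all ones and a 512-byte-aligned host offset, csize lands exactly on 2 * cluster_size. It assumes the qcow2 layout in which the count field is (cluster_bits - 8) bits wide starting at bit 62 - (cluster_bits - 8), and the struct and helper names are hypothetical.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical helper (not QEMU's): field widths for a given cluster_bits. */
struct qcow2_geom {
    uint64_t cluster_size;
    int csize_shift;      /* bit position of the sector-count field */
    uint64_t csize_mask;  /* (cluster_bits - 8) bits wide */
};

static struct qcow2_geom geom_for(int cluster_bits)
{
    struct qcow2_geom g;
    g.cluster_size = 1ULL << cluster_bits;
    g.csize_shift = 62 - (cluster_bits - 8);
    g.csize_mask = (1ULL << (cluster_bits - 8)) - 1;
    return g;
}

/* Decode an L2 entry for a compressed cluster into the number of bytes
 * that must be read from the host file, as the quoted code does. */
static uint64_t compressed_csize(int cluster_bits, uint64_t l2_entry)
{
    struct qcow2_geom g = geom_for(cluster_bits);
    uint64_t coffset = l2_entry & ((1ULL << g.csize_shift) - 1);
    uint64_t nb_csectors = ((l2_entry >> g.csize_shift) & g.csize_mask) + 1;
    uint64_t sector_offset = coffset & 511;
    return nb_csectors * 512 - sector_offset;
}

/* Worst case an image can present: sector-count field all ones and a
 * host offset on a 512-byte boundary, so sector_offset is 0. */
static uint64_t max_compressed_csize(int cluster_bits)
{
    struct qcow2_geom g = geom_for(cluster_bits);
    uint64_t l2_entry = (1ULL << 62) | (g.csize_mask << g.csize_shift);
    return compressed_csize(cluster_bits, l2_entry);
}

/* The check as it should read: "<=" accepts the maximal valid descriptor. */
static int csize_in_bounds(int cluster_bits, uint64_t csize)
{
    return csize <= 2 * geom_for(cluster_bits).cluster_size;
}

int main(void)
{
    uint64_t m = max_compressed_csize(16); /* 64 KiB clusters */
    printf("max csize: %llu bytes (%s)\n", (unsigned long long)m,
           csize_in_bounds(16, m) ? "accepted" : "rejected");
    return 0;
}
```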