[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] qcow2: Reject unrealistically large header exte
|
From: |
Kevin Wolf |
|
Subject: |
Re: [Qemu-devel] [PATCH] qcow2: Reject unrealistically large header extensions |
|
Date: |
Tue, 28 Feb 2012 11:18:05 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20120209 Thunderbird/10.0.1 |
Am 28.02.2012 11:00, schrieb Stefan Hajnoczi:
> On Tue, Feb 28, 2012 at 9:47 AM, Kevin Wolf <address@hidden> wrote:
>> Am 28.02.2012 10:33, schrieb Stefan Hajnoczi:
>>> On Mon, Feb 27, 2012 at 4:27 PM, Kevin Wolf <address@hidden> wrote:
>>>> + if (ext.len > 65536) {
>>>> + error_report("Header extension larger than 64k - this looks
>>>> wrong");
>>>> + return -ENOTSUP;
>>>> + }
>>>
>>> This is an implementation limit and not in the spec, but I think it's
>>> reasonable.
>>>
>>> Reviewed-by: Stefan Hajnoczi <address@hidden>
>>
>> Hm, actually, now that I look at this patch again, I think there's a
>> much better error condition that even matches the spec:
>>
>> if (offset + ext.len > end_offset)
>
> Careful, integer overflow.
offset/end_offset are uint64_t offsets into the first cluster, ext.len
is uint32_t. Looks safe.
Kevin