From: | Max Reitz |
Subject: | Re: [Qemu-devel] [PATCH for-2.0 05/47] block/cloop: refuse images with huge offsets arrays (CVE-2014-0144) |
Date: | Wed, 26 Mar 2014 20:43:36 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 |
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
Limit offsets_size to 512 MB so that:

1. g_malloc() does not abort due to an unreasonable size argument.
2. offsets_size does not overflow the bdrv_pread() int size argument.

This limit imposes a maximum image size of 16 TB at 256 KB block size.

Signed-off-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/cloop.c              | 9 +++++++++
tests/qemu-iotests/075     | 6 ++++++
tests/qemu-iotests/075.out | 4 ++++
3 files changed, 19 insertions(+)

Reviewed-by: Max Reitz <address@hidden>
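
The size check described in the commit message above, as an added example that is not part of the original mail and is not QEMU's code. The function names are hypothetical, and it assumes one 8-byte offset entry per block and a 32-bit block count read from the untrusted image header.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Cap taken from the commit message: 512 MB for the offsets array. */
#define MAX_OFFSETS_SIZE (512u * 1024 * 1024)

/* Hypothetical helper: validate an untrusted block count before the
 * offsets table is allocated or read. Returns the table size in bytes,
 * or -1 if the table would exceed the cap. */
int64_t checked_offsets_size(uint32_t n_blocks)
{
    /* Widen to 64 bits first so the multiplication cannot wrap. */
    uint64_t size = (uint64_t)n_blocks * sizeof(uint64_t);

    /* Reject before allocating: a huge request would abort an
     * abort-on-failure allocator, and a size above INT_MAX would be
     * truncated when passed as an int length to a read routine. */
    if (size > MAX_OFFSETS_SIZE) {
        return -1;
    }
    return (int64_t)size;
}

/* Largest image the cap permits for a given block size (assumption:
 * one 8-byte entry per block). */
uint64_t max_image_bytes(uint32_t block_size)
{
    return (uint64_t)(MAX_OFFSETS_SIZE / sizeof(uint64_t)) * block_size;
}

int main(void)
{
    /* Constructed sample header values, not taken from a real image. */
    uint32_t samples[] = { 1024, 64u * 1024 * 1024, 0x20000000u, UINT32_MAX };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int64_t sz = checked_offsets_size(samples[i]);
        printf("n_blocks=%" PRIu32 " -> %s (%" PRId64 ")\n", samples[i],
               sz < 0 ? "rejected" : "accepted", sz);
    }
    printf("cap fits in int: %d\n", MAX_OFFSETS_SIZE <= (unsigned)INT_MAX);
    printf("max image at 256 KB blocks: %" PRIu64 " bytes\n",
           max_image_bytes(256 * 1024));
    return 0;
}
```
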