| commit | 2ebafc854d109ff09b66fb4dd62c2c53fc29754a | |
| author | Kevin Wolf <kwolf@redhat.com> | |
| Tue, 25 Nov 2014 17:12:40 +0000 (25 18:12 +0100) | ||
| committer | Kevin Wolf <kwolf@redhat.com> | |
| Wed, 10 Dec 2014 09:31:13 +0000 (10 10:31 +0100) | ||
| tree | 2647037960aee19ef9c07457a6e4b3bd93330ffa | treesnapshot (tar.gz zip) |
| parent | 3dc7ca3c97dff8732e38828b38e0497efba0fedf | commitdiff |
qcow2: Fix header extension size check
After reading the extension header, offset is incremented, but not
checked against end_offset any more. This way an integer overflow could
happen when checking whether the extension end is within the allowed
range, effectively disabling the check.
This patch adds the missing check and a test case for it.
Cc: qemu-stable@nongnu.org
Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416935562-7760-2-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
After reading the extension header, offset is incremented, but not
checked against end_offset any more. This way an integer overflow could
happen when checking whether the extension end is within the allowed
range, effectively disabling the check.
This patch adds the missing check and a test case for it.
Cc: qemu-stable@nongnu.org
Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416935562-7760-2-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| block/qcow2.c | diffblobblamehistory | |
| tests/qemu-iotests/080 | diffblobblamehistory | |
| tests/qemu-iotests/080.out | diffblobblamehistory |