| commit | 951053a9ec1c47edf4b2549ef58d82aee8a42a7f | |
| author | Alberto Garcia <berto@igalia.com> | |
| Fri, 3 Nov 2017 14:18:53 +0000 (3 16:18 +0200) | ||
| committer | Max Reitz <mreitz@redhat.com> | |
| Tue, 14 Nov 2017 17:06:25 +0000 (14 18:06 +0100) | ||
| tree | 7ad3b60159e618506325a63dd64efd0dc083f4d5 | treesnapshot (tar.gz zip) |
| parent | 8aa34834d566ba4e635d6029339a5f4f1ae1685e | commitdiff |
qcow2: Don't open images with header.refcount_table_clusters == 0
qcow2_do_open() is checking that header.refcount_table_clusters is not
too large, but it doesn't check that it's greater than zero. Apart
from the fact that an image like that is obviously corrupted, trying
to use it crashes QEMU since we end up with a null s->refcount_table
after qcow2_refcount_init().
These images can however be repaired, so allow opening them if the
BDRV_O_CHECK flag is set.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: f9750f50c80359babba11062e88f5075a47e8e16.1509718618.git.berto@igalia.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
qcow2_do_open() is checking that header.refcount_table_clusters is not
too large, but it doesn't check that it's greater than zero. Apart
from the fact that an image like that is obviously corrupted, trying
to use it crashes QEMU since we end up with a null s->refcount_table
after qcow2_refcount_init().
These images can however be repaired, so allow opening them if the
BDRV_O_CHECK flag is set.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: f9750f50c80359babba11062e88f5075a47e8e16.1509718618.git.berto@igalia.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
| block/qcow2.c | diffblobblamehistory | |
| tests/qemu-iotests/060 | diffblobblamehistory | |
| tests/qemu-iotests/060.out | diffblobblamehistory |