]> git.proxmox.com Git - mirror_qemu.git/commit - block/qcow.c
projects / mirror_qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 42eb581) | patch
qcow1: Validate image size (CVE-2014-0223)
authorKevin Wolf <kwolf@redhat.com>
Thu, 8 May 2014 11:08:20 +0000 (13:08 +0200)
committerKevin Wolf <kwolf@redhat.com>
Mon, 19 May 2014 09:36:49 +0000 (11:36 +0200)
commit46485de0cb357b57373e1ca895adedf1f3ed46ec
tree3d7bdb3799feee94728a37374a26349d46e7b227tree
parent42eb58179b3b215bb507da3262b682b8a2ec10b5commit | diff
qcow1: Validate image size (CVE-2014-0223)

A huge image size could cause s->l1_size to overflow. Make sure that
images never require a L1 table larger than what fits in s->l1_size.

This cannot only cause unbounded allocations, but also the allocation of
a too small L1 table, resulting in out-of-bounds array accesses (both
reads and writes).

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
block/qcow.c diff | blob | blame | history
tests/qemu-iotests/092 diff | blob | blame | history
tests/qemu-iotests/092.out diff | blob | blame | history
QEMU mirror