git.proxmox.com Git - mirror_qemu.git/commit

author	Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
	Wed, 27 Feb 2019 13:14:30 +0000 (16:14 +0300)
committer	Max Reitz <mreitz@redhat.com>
	Tue, 7 May 2019 15:14:21 +0000 (17:14 +0200)
commit	a5fff8d4b4d928311a5005efa12d0991fe3b66f9
tree	23e9fcc05dc61c55bed7705ae09430959c692cd0	tree
parent	7e3e736cbd37a633ed5673de4254424745fbf520	commit \| diff

qcow2-refcount: avoid eating RAM

qcow2_inc_refcounts_imrt() (through realloc_refcount_array()) can eat
an unpredictable amount of memory on corrupted table entries, which are
referencing regions far beyond the end of file.

Prevent this, by skipping such regions from further processing.

Interesting that iotest 138 checks exactly the behavior which we fix
here. So, change the test appropriately.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190227131433.197063-3-vsementsov@virtuozzo.com
Signed-off-by: Max Reitz <mreitz@redhat.com>

block/qcow2-refcount.c		diff \| blob \| blame \| history
tests/qemu-iotests/138		diff \| blob \| blame \| history
tests/qemu-iotests/138.out		diff \| blob \| blame \| history