]> git.proxmox.com Git - mirror_qemu.git/commit - block/qcow2.c
projects / mirror_qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a1b3955) | patch
qcow2: Check refcount table size (CVE-2014-0144)
authorKevin Wolf <kwolf@redhat.com>
Wed, 26 Mar 2014 12:05:43 +0000 (13:05 +0100)
committerStefan Hajnoczi <stefanha@redhat.com>
Tue, 1 Apr 2014 12:19:09 +0000 (14:19 +0200)
commit5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21
tree675dd5f26040c117c2f2fb040b5ea9dfb623ecf6tree
parenta1b3955c9415b1e767c130a2f59fee6aa28e575bcommit | diff
qcow2: Check refcount table size (CVE-2014-0144)

Limit the in-memory reference count table size to 8 MB, it's enough in
practice. This fixes an unbounded allocation as well as a buffer
overflow in qcow2_refcount_init().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
block/qcow2-refcount.c diff | blob | blame | history
block/qcow2.c diff | blob | blame | history
tests/qemu-iotests/080 diff | blob | blame | history
tests/qemu-iotests/080.out diff | blob | blame | history
QEMU mirror