From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 18/30] qcow2: Assert against currently impossible overflow
Date: Fri, 27 Sep 2013 17:39:18 +0200
Message-ID: <1380296370-14523-19-git-send-email-kwolf@redhat.com>
In-Reply-To: <1380296370-14523-1-git-send-email-kwolf@redhat.com>
From: Max Reitz <mreitz@redhat.com>
If qcow2_alloc_cluster_link_l2 is called with a QCowL2Meta describing a
request crossing L2 boundaries, a buffer overflow will occur. This is
impossible right now since such requests are never generated (every
request is shortened to L2 boundaries before) and probably also
completely unintended (considering the name "QCowL2Meta"), however, it
is still worth an assertion.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/qcow2-cluster.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 738ff73..cab5f2e 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -716,6 +716,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m)
}
qcow2_cache_entry_mark_dirty(s->l2_table_cache, l2_table);
+ assert(l2_index + m->nb_clusters <= s->l2_size);
for (i = 0; i < m->nb_clusters; i++) {
/* if two concurrent writes happen to the same unallocated cluster
* each write allocates separate cluster and writes data concurrently.
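Review bot: The new assert(l2_index + m->nb_clusters <= s->l2_size) is placed after qcow2_cache_entry_mark_dirty(s->l2_table_cache, l2_table), so if it ever fires the L2 table has already been marked dirty; moving it above the mark-dirty call would reject the bad request before any cache state changes. The invariant it relies on (every request is shortened to L2 boundaries, so a QCowL2Meta never spans two L2 tables) is stated only in the commit message, and a short comment above the assert would tell a reader of the loop over m->nb_clusters why the bound holds. Because this is an assert, it protects only builds that keep assertions enabled and it aborts the process; that fits a condition described as currently impossible, but if a later change lets callers pass a request crossing an L2 boundary, the check should become an explicit error return instead.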
--
1.8.1.4