qemu-devel.nongnu.org archive mirror
From: Max Reitz <mreitz@redhat.com>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Max Reitz <mreitz@redhat.com>
Subject: [Qemu-devel] [PATCH 3/3] qcow2: Assert against snapshot name/ID overflow
Date: Wed,  9 Oct 2013 10:51:06 +0200
Message-ID: <1381308666-24268-4-git-send-email-mreitz@redhat.com>
In-Reply-To: <1381308666-24268-1-git-send-email-mreitz@redhat.com>

qcow2_write_snapshots relies on the length of every snapshot ID and name
fitting into an unsigned 16 bit integer. This is currently ensured by
QEMU through generally only allowing 128 byte IDs and 256 byte names.
However, if this should change in the future, the length written to the
image file should not be silently truncated (though the name itself
would be written completely).

Since this is currently not an issue but might require attention due to
internal QEMU changes in the future, an assert ensuring sanity is enough
for now.

Signed-off-by: Max Reitz <mreitz@redhat.com>
---
 block/qcow2-snapshot.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index f6f3e64..812dab2 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -221,6 +221,7 @@ static int qcow2_write_snapshots(BlockDriverState *bs)
 
         id_str_size = strlen(sn->id_str);
         name_size = strlen(sn->name);
+        assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX);
         h.id_str_size = cpu_to_be16(id_str_size);
         h.name_size = cpu_to_be16(name_size);
         offset = align_offset(offset, 8);
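
Review bot: The added assert in qcow2_write_snapshots folds both bounds into one expression (id_str_size <= UINT16_MAX && name_size <= UINT16_MAX), so a failure will not say which of the two lengths overflowed; two separate asserts would. An assert also aborts the process partway through writing the snapshot table and disappears in a build that defines NDEBUG, so if the 128/256 byte limits mentioned in the commit message are ever raised, the truncation by cpu_to_be16() would come back silently in such a build. Since the function returns int, consider returning an error through the existing error path instead, or at least add a one-line comment that the bound comes from the 16 bit h.id_str_size and h.name_size header fields.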
-- 
1.8.3.1

Thread overview: 5+ messages
2013-10-09  8:51 [Qemu-devel] [PATCH 0/3] qcow2: Small error path fixes for snapshot writing Max Reitz
2013-10-09  8:51 ` [Qemu-devel] [PATCH 1/3] qcow2: Always use error path on writing snapshots Max Reitz
2013-10-09  8:51 ` [Qemu-devel] [PATCH 2/3] qcow2: Free allocated snapshot table on error Max Reitz
2013-10-09  8:51 ` Max Reitz [this message]
2013-10-09  9:53 ` [Qemu-devel] [PATCH 0/3] qcow2: Small error path fixes for snapshot writing Kevin Wolf
