From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56499) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YAe9n-0000ff-F7 for qemu-devel@nongnu.org; Mon, 12 Jan 2015 07:31:49 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YAe9g-0002Gt-En for qemu-devel@nongnu.org; Mon, 12 Jan 2015 07:31:43 -0500 Received: from mx1.redhat.com ([209.132.183.28]:48146) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YAe9g-0002Gf-8T for qemu-devel@nongnu.org; Mon, 12 Jan 2015 07:31:36 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t0CCVZCB006509 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Mon, 12 Jan 2015 07:31:35 -0500 From: Stefan Hajnoczi Date: Mon, 12 Jan 2015 12:31:31 +0000 Message-Id: <1421065893-18875-1-git-send-email-stefanha@redhat.com> Subject: [Qemu-devel] [PATCH 0/2] qed: additional input validation List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Kevin Wolf , Stefan Hajnoczi , mreitz@redhat.com These patches add an overflow check and a test case for invalid QED headers. Note that this has no security impact because reading the backing filename is limited to sizeof(bs->backing_file). Stefan Hajnoczi (2): qed: check for header size overflow qemu-iotests: add 116 invalid QED input file tests block/qed.c | 6 +++ tests/qemu-iotests/116 | 96 ++++++++++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/116.out | 37 ++++++++++++++++++ tests/qemu-iotests/group | 1 + 4 files changed, 140 insertions(+) create mode 100755 tests/qemu-iotests/116 create mode 100644 tests/qemu-iotests/116.out -- 2.1.0