Message-ID: <4F4CA9DD.3060903@redhat.com>
Date: Tue, 28 Feb 2012 11:18:05 +0100
From: Kevin Wolf
References: <1330360065-27334-1-git-send-email-kwolf@redhat.com> <4F4CA2C1.7070708@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] qcow2: Reject unrealistically large header extensions
To: Stefan Hajnoczi
Cc: qemu-devel@nongnu.org

On 28.02.2012 11:00, Stefan Hajnoczi wrote:
> On Tue, Feb 28, 2012 at 9:47 AM, Kevin Wolf wrote:
>> On 28.02.2012 10:33, Stefan Hajnoczi wrote:
>>> On Mon, Feb 27, 2012 at 4:27 PM, Kevin Wolf wrote:
>>>> + if (ext.len > 65536) {
>>>> + error_report("Header extension larger than 64k - this looks wrong");
>>>> + return -ENOTSUP;
>>>> + }
>>>
>>> This is an implementation limit and not in the spec, but I think it's
>>> reasonable.
>>>
>>> Reviewed-by: Stefan Hajnoczi
>>
>> Hm, actually, now that I look at this patch again, I think there's a
>> much better error condition that even matches the spec:
>>
>> if (offset + ext.len > end_offset)
>
> Careful, integer overflow.

offset/end_offset are uint64_t offsets into the first cluster, ext.len
is uint32_t. Looks safe.

Kevin
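
Review bot: The bound in `if (ext.len > 65536)` is a bare literal and, as the review reply says, an implementation limit rather than something the spec defines; give it a named constant with a comment saying so, or bound the length by the space left in the header instead (`ext.len > end_offset - offset`, once `offset <= end_offset` is known), which has no addition that could wrap. The error message would also be more useful if it printed the offending `ext.len`, and `-ENOTSUP` reads as an unsupported feature where the image is really malformed, so `-EINVAL` may fit better.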
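
The overflow question raised in this exchange, as an added example that is not part of the original message or of QEMU's code: the addition form of the check with the types stated above, a subtraction form that cannot wrap, and the same addition done in 32 bits to show the wrap being warned about. The function names and the sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers: each returns true when an extension payload of
 * `len` bytes starting at `offset` would run past `end_offset`. */

/* Form quoted in the thread, with the types stated there. `len` is
 * converted to 64 bits before the addition, so the sum can only wrap
 * when `offset` lies within 4 GiB of UINT64_MAX. */
static bool overruns_add64(uint64_t offset, uint32_t len, uint64_t end_offset)
{
    return offset + len > end_offset;
}

/* Subtraction form: no addition, so nothing can wrap for any input. */
static bool overruns_sub64(uint64_t offset, uint32_t len, uint64_t end_offset)
{
    if (offset > end_offset) {
        return true;
    }
    return len > end_offset - offset;
}

/* The same addition if every operand were 32-bit: a huge `len` wraps the
 * sum to a small value and the check passes an oversized extension. */
static bool overruns_add32(uint32_t offset, uint32_t len, uint32_t end_offset)
{
    return (uint32_t)(offset + len) > end_offset;
}

int main(void)
{
    /* Constructed values: offset 104 inside a 64 KiB first cluster. */
    const uint64_t off = 104, end = 65536;
    const uint32_t huge = UINT32_MAX;

    printf("add64 rejects huge len: %d\n", overruns_add64(off, huge, end));
    printf("sub64 rejects huge len: %d\n", overruns_sub64(off, huge, end));
    printf("add32 rejects huge len: %d\n",
           overruns_add32((uint32_t)off, huge, (uint32_t)end));
    /* Only reachable if offset were not bounded by the first cluster. */
    printf("add64 near UINT64_MAX:  %d\n",
           overruns_add64(UINT64_MAX - 8, 16, UINT64_MAX));
    printf("sub64 near UINT64_MAX:  %d\n",
           overruns_sub64(UINT64_MAX - 8, 16, UINT64_MAX));
    return 0;
}
```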