]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 818ce84) | patch
qcow2: Validate snapshot table offset/size (CVE-2014-0144)
authorKevin Wolf <kwolf@redhat.com>
Wed, 26 Mar 2014 12:05:45 +0000 (13:05 +0100)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Thu, 3 Jul 2014 21:18:12 +0000 (16:18 -0500)
commit04bc6981ca7ea65d9d4e61b4758dcb9336fd045d
tree6b9da005dcbb3ccf3f96017992bf536b6f43bd56tree
parent818ce8487eba6b460af5a7e9f3ae38533ff85bf1commit | diff
qcow2: Validate snapshot table offset/size (CVE-2014-0144)

This avoid unbounded memory allocation and fixes a potential buffer
overflow on 32 bit hosts.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit ce48f2f441ca98885267af6fd636a7cb804ee646)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
block/qcow2-snapshot.c diff | blob | blame | history
block/qcow2.c diff | blob | blame | history
block/qcow2.h diff | blob | blame | history
tests/qemu-iotests/080 diff | blob | blame | history
tests/qemu-iotests/080.out diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git