git.ipfire.org Git - thirdparty/qemu.git/commit

author	Stefan Hajnoczi <stefanha@redhat.com>
	Wed, 26 Mar 2014 12:05:27 +0000 (13:05 +0100)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Thu, 3 Jul 2014 21:18:10 +0000 (16:18 -0500)
commit	7dcffbb2bfcb38c98cff911cd002c09e9326e3cc
tree	55fa5fa6c6ca008c744737901273c0c704081eb4	tree
parent	d723971b5d0c22c5c8bd1b8bdba94bc17cc8f36d	commit \| diff

block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)

Limit offsets_size to 512 MB so that:

1. g_malloc() does not abort due to an unreasonable size argument.

2. offsets_size does not overflow the bdrv_pread() int size argument.

This limit imposes a maximum image size of 16 TB at 256 KB block size.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 7b103b36d6ef3b11827c203d3a793bf7da50ecd6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

block/cloop.c		diff \| blob \| blame \| history
tests/qemu-iotests/075		diff \| blob \| blame \| history
tests/qemu-iotests/075.out		diff \| blob \| blame \| history