git.ipfire.org Git - thirdparty/qemu.git/commit

author	Kevin Wolf <kwolf@redhat.com>
	Tue, 25 Nov 2014 17:12:40 +0000 (18:12 +0100)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Wed, 14 Jan 2015 23:08:42 +0000 (17:08 -0600)
commit	b495764ae801daeb4ec690b628301f75838352a1
tree	bd4c6111e1b8b379519df229eb0a106dcaf25d7a	tree
parent	21640bf6e08e4d69bab1bd1ea0bed562d1fc726c	commit \| diff

qcow2: Fix header extension size check

After reading the extension header, offset is incremented, but not
checked against end_offset any more. This way an integer overflow could
happen when checking whether the extension end is within the allowed
range, effectively disabling the check.

This patch adds the missing check and a test case for it.

Cc: qemu-stable@nongnu.org
Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416935562-7760-2-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 2ebafc854d109ff09b66fb4dd62c2c53fc29754a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

block/qcow2.c		diff \| blob \| blame \| history
tests/qemu-iotests/080		diff \| blob \| blame \| history
tests/qemu-iotests/080.out		diff \| blob \| blame \| history