]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6f6db0c) | patch
qcow2: Check refcount table size (CVE-2014-0144)
authorKevin Wolf <kwolf@redhat.com>
Wed, 26 Mar 2014 12:05:43 +0000 (13:05 +0100)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Thu, 3 Jul 2014 21:18:12 +0000 (16:18 -0500)
commitf6027f805b111deccc0e09eec53d8be9812493fa
tree33e0f099ac64dd7239ad7addd44a22eff2361e71tree
parent6f6db0c7aff11b233442d5e9e105f9b8bb66f2c5commit | diff
qcow2: Check refcount table size (CVE-2014-0144)

Limit the in-memory reference count table size to 8 MB, it's enough in
practice. This fixes an unbounded allocation as well as a buffer
overflow in qcow2_refcount_init().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
block/qcow2-refcount.c diff | blob | blame | history
block/qcow2.c diff | blob | blame | history
tests/qemu-iotests/080 diff | blob | blame | history
tests/qemu-iotests/080.out diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git