diff options
author | Kevin Wolf <kwolf@redhat.com> | 2014-05-08 13:08:20 +0200 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2014-05-19 11:36:49 +0200 |
commit | 46485de0cb357b57373e1ca895adedf1f3ed46ec (patch) | |
tree | 3d7bdb3799feee94728a37374a26349d46e7b227 /block/quorum.c | |
parent | 42eb58179b3b215bb507da3262b682b8a2ec10b5 (diff) | |
download | hqemu-46485de0cb357b57373e1ca895adedf1f3ed46ec.zip hqemu-46485de0cb357b57373e1ca895adedf1f3ed46ec.tar.gz |
qcow1: Validate image size (CVE-2014-0223)
A huge image size could cause s->l1_size to overflow. Make sure that
images never require a L1 table larger than what fits in s->l1_size.
This cannot only cause unbounded allocations, but also the allocation of
a too small L1 table, resulting in out-of-bounds array accesses (both
reads and writes).
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block/quorum.c')
0 files changed, 0 insertions, 0 deletions