summaryrefslogtreecommitdiffstats
path: root/block
diff options
context:
space:
mode:
authorKevin Wolf <kwolf@redhat.com>2014-04-09 12:10:34 +0200
committerKevin Wolf <kwolf@redhat.com>2014-04-11 13:59:49 +0200
commit715c3f60efa9801a777a71cd06eaf8efa7eaa2a8 (patch)
tree49c048c88723c0ad327faf47feb15c14c85a85b2 /block
parent28ec11bc882387e51c7450558af5a49b8be95a36 (diff)
downloadhqemu-715c3f60efa9801a777a71cd06eaf8efa7eaa2a8.zip
hqemu-715c3f60efa9801a777a71cd06eaf8efa7eaa2a8.tar.gz
bochs: Fix catalog size check
The old check was off by a factor of 512 and didn't consider cases where we don't get an exact division. This could lead to an out-of-bounds array access in seek_to_sector(). Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'block')
-rw-r--r--block/bochs.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/block/bochs.c b/block/bochs.c
index 50b84a9..eacf956 100644
--- a/block/bochs.c
+++ b/block/bochs.c
@@ -148,8 +148,14 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags,
s->extent_blocks = 1 + (le32_to_cpu(bochs.extent) - 1) / 512;
s->extent_size = le32_to_cpu(bochs.extent);
- if (s->extent_size == 0) {
- error_setg(errp, "Extent size may not be zero");
+ if (s->extent_size < BDRV_SECTOR_SIZE) {
+ /* bximage actually never creates extents smaller than 4k */
+ error_setg(errp, "Extent size must be at least 512");
+ ret = -EINVAL;
+ goto fail;
+ } else if (!is_power_of_2(s->extent_size)) {
+ error_setg(errp, "Extent size %" PRIu32 " is not a power of two",
+ s->extent_size);
ret = -EINVAL;
goto fail;
} else if (s->extent_size > 0x800000) {
@@ -159,7 +165,9 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags,
goto fail;
}
- if (s->catalog_size < bs->total_sectors / s->extent_size) {
+ if (s->catalog_size < DIV_ROUND_UP(bs->total_sectors,
+ s->extent_size / BDRV_SECTOR_SIZE))
+ {
error_setg(errp, "Catalog size is too small for this disk size");
ret = -EINVAL;
goto fail;
OpenPOWER on IntegriCloud