xemu/block
Kevin Wolf e6c55cf7c2 qcow1: Check maximum cluster size
Huge values for header.cluster_bits cause unbounded allocations (e.g.
for s->cluster_cache) and crash qemu this way. Less huge values may
survive those allocations, but can cause integer overflows later on.

The only cluster sizes that qemu can create are 4k (for standalone
images) and 512 (for images with backing files), so we can limit it
to 64k.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
(cherry picked from commit 7159a45b2b)

Conflicts:
	block/qcow.c
	tests/qemu-iotests/group

*removed mismatch due to error msgs from upstream's b6d5066d
*removed context from upstream block tests

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-07-03 16:31:28 -05:00
Makefile.objs block: vhdx - log parsing, replay, and flush support 2013-11-07 13:58:58 +01:00
backup.c qapi: make use of new BlockJobType 2013-10-11 10:52:54 +02:00
blkdebug.c blkdebug: Employ error parameter 2013-10-11 16:50:00 +02:00
blkverify.c blkverify: Employ error parameter 2013-10-11 16:50:00 +02:00
bochs.c bochs: Fix bitmap offset calculation 2014-07-03 16:18:11 -05:00
cloop.c block/cloop: fix offsets[] size off-by-one 2014-07-03 16:18:10 -05:00
commit.c qapi: make use of new BlockJobType 2013-10-11 10:52:54 +02:00
cow.c block: Error parameter for create functions 2013-09-12 10:12:48 +02:00
curl.c curl: check data size before memcpy to local buffer. (CVE-2014-0144) 2014-07-03 16:18:11 -05:00
dmg.c dmg: prevent chunk buffer overflow (CVE-2014-0145) 2014-07-03 16:18:13 -05:00
gluster.c block: introduce BlockDriver.bdrv_needs_filename to enable some drivers. 2013-09-25 16:21:28 +02:00
iscsi.c block/iscsi: fix deadlock on scsi check condition 2014-06-25 11:08:29 -05:00
linux-aio.c aio: drop io_flush argument 2013-08-19 15:52:19 +02:00
mirror.c mirror: fix early wake from sleep due to aio 2014-06-25 15:26:29 -05:00
nbd.c bdrv: Use "Error" for opening images 2013-09-12 10:12:47 +02:00
parallels.c parallels: Sanity check for s->tracks (CVE-2014-0142) 2014-07-03 16:31:28 -05:00
qapi.c block/qapi: Human-readable ImageInfoSpecific dump 2013-10-11 10:52:54 +02:00
qcow.c qcow1: Check maximum cluster size 2014-07-03 16:31:28 -05:00
qcow2-cache.c qcow2: Use negated overflow check mask 2013-10-11 16:50:00 +02:00
qcow2-cluster.c qcow2: Fix copy_sectors() with VM state 2014-07-03 16:18:14 -05:00
qcow2-refcount.c qcow2: Protect against some integer overflows in bdrv_check 2014-07-03 16:18:13 -05:00
qcow2-snapshot.c qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) 2014-07-03 16:31:28 -05:00
qcow2.c qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) 2014-07-03 16:31:28 -05:00
qcow2.h qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) 2014-07-03 16:31:28 -05:00
qed-check.c qed: mark image clean after repair succeeds 2012-08-10 10:25:12 +02:00
qed-cluster.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-gencb.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-l2-cache.c qed: do not evict in-use L2 table cache entries 2012-03-12 15:14:06 +01:00
qed-table.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qed.c block: Error parameter for create functions 2013-09-12 10:12:48 +02:00
qed.h block: qed - use QEMU_PACKED for on-disk structures 2013-09-25 20:51:15 +02:00
raw-aio.h block: make discard asynchronous 2013-01-15 10:03:47 +01:00
raw-posix.c block: Print its file name if backing file opening failed 2013-11-14 13:09:06 +01:00
raw-win32.c block: Print its file name if backing file opening failed 2013-11-14 13:09:06 +01:00
raw_bsd.c block: Avoid unecessary drv->bdrv_getlength() calls 2013-10-29 13:10:26 +01:00
rbd.c rbd: avoid qemu_rbd_snap_list() memory leaks 2013-09-25 16:22:00 +02:00
sheepdog.c sheepdog: check simultaneous create in resend_aioreq 2013-10-30 12:22:24 +01:00
snapshot.c bdrv: Use "Error" for opening images 2013-09-12 10:12:47 +02:00
ssh.c bdrv: Use "Error" for creating images 2013-09-12 10:12:48 +02:00
stream.c qapi: make use of new BlockJobType 2013-10-11 10:52:54 +02:00
vdi.c vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144) 2014-07-03 16:18:11 -05:00
vhdx-endian.c block: vhdx - move more endian translations to vhdx-endian.c 2013-11-07 13:58:59 +01:00
vhdx-log.c block: vhdx - add log write support 2013-11-07 13:58:59 +01:00
vhdx.c vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148) 2014-07-03 16:18:11 -05:00
vhdx.h block: vhdx - add .bdrv_create() support 2013-11-07 13:58:59 +01:00
vmdk.c block: Use BDRV_O_NO_BACKING where appropriate 2014-06-25 16:33:46 -05:00
vpc.c vpc: Validate block size (CVE-2014-0142) 2014-07-03 16:18:11 -05:00
vvfat.c block: Error parameter for create functions 2013-09-12 10:12:48 +02:00
win32-aio.c win32-aio: drop win32_aio_flush_cb() 2013-08-22 22:05:04 +02:00