ShuriZma
/
xqemu
mirror of https://github.com/xqemu/xqemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) 

This ensures that the checks catch all invalid cluster indexes
instead of returning the refcount of a wrong cluster.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Kevin Wolf 2014-03-26 13:05:49 +01:00 committed by Stefan Hajnoczi
parent b106ad9185
commit db8a31d11d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
block/qcow2-refcount.c
View File

@ -89,7 +89,7 @@ static int load_refcount_block(BlockDriverState *bs,
static int get_refcount(BlockDriverState *bs, int64_t cluster_index) static int get_refcount(BlockDriverState *bs, int64_t cluster_index)
{ {
BDRVQcowState *s = bs->opaque; BDRVQcowState *s = bs->opaque;
int refcount_table_index, block_index; uint64_t refcount_table_index, block_index;
int64_t refcount_block_offset; int64_t refcount_block_offset;
int ret; int ret;
uint16_t *refcount_block; uint16_t *refcount_block;