aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Wolf <kwolf@redhat.com>2012-02-22 12:37:13 +0100
committerKevin Wolf <kwolf@redhat.com>2012-02-29 12:48:47 +0100
commit64ca6aee4f06a3af869e5e09f0afeb6721966875 (patch)
treeafbd851167030d78c457e6ea3f23e8f76d0660b2
parentfd29b4bbef9f75bba64ad7c4db38babc397a4814 (diff)
qcow2: Reject too large header extensions
Image files that make qemu-img info read several gigabytes into the unknown header extensions list are bad. Just fail opening the image if an extension claims to be larger than the header extension area. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
-rw-r--r--block/qcow2.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/block/qcow2.c b/block/qcow2.c
index f68f0e1..eb5ea48 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -108,6 +108,11 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
#ifdef DEBUG_EXT
printf("ext.magic = 0x%x\n", ext.magic);
#endif
+ if (ext.len > end_offset - offset) {
+ error_report("Header extension too large");
+ return -EINVAL;
+ }
+
switch (ext.magic) {
case QCOW2_EXT_MAGIC_END:
return 0;