motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-07 17:53:56 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143)

Browse source 
This avoids an unbounded allocation.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Kevin Wolf 2014-03-26 13:06:06 +01:00 committed by Stefan Hajnoczi
parent c05e4667be
commit 6a83f8b5be
5 changed files with 29 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/qemu-iotests/080.out
View file

@ -74,4 +74,10 @@ wrote 512/512 bytes at offset 0
512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
qemu-img: Could not create snapshot 'test': -27 (File too large)
qemu-img: Could not create snapshot 'test': -11 (Resource temporarily unavailable)
== Invalid snapshot L1 table ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
wrote 512/512 bytes at offset 0
512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
qemu-img: Failed to load snapshot: Snapshot L1 table too large
*** done