author | Kevin Wolf <kwolf@redhat.com> | 2014-03-26 13:05:53 +0100 |
---|---|---|
committer | Stefan Hajnoczi <stefanha@redhat.com> | 2014-04-01 15:22:35 +0200 |
commit | cab60de930684c33f67d4e32c7509b567f8c445b (patch) | |
tree | 4e2f125f9c23314e55e742172151087be8f8c51a /block/qcow2-cluster.c | |
parent | 0abe740f1de899737242bcba1fb4a9857f7a3087 (diff) | |
qcow2: Fix new L1 table size check (CVE-2014-0143)

The size in bytes is assigned to an int later, so check that instead of
the number of entries.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'block/qcow2-cluster.c')
-rw-r--r-- | block/qcow2-cluster.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 9499df9ef2..242e1f89b2 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -55,7 +55,7 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t min_size, } } - if (new_l1_size > INT_MAX) { + if (new_l1_size > INT_MAX / sizeof(uint64_t)) { return -EFBIG; } |
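Review bot: The new bound in `if (new_l1_size > INT_MAX / sizeof(uint64_t))` is only correct as long as the later byte-size computation multiplies by the same element size and stores the result in an `int`, and nothing at the check says so. A one-line comment above the condition stating that the limit protects the byte size assigned to an int further down would keep the two from drifting apart; alternatively, compute the byte size in a 64-bit variable first and compare that against `INT_MAX` directly, which matches the commit message more literally. Two smaller points: `INT_MAX / sizeof(uint64_t)` is evaluated in `size_t`, so if `new_l1_size` is a signed type (its declaration is outside this hunk) the comparison involves an implicit signed/unsigned conversion whose behaviour depends on the relative widths and is worth confirming on 32-bit hosts; and if the byte size is rounded up before it is stored (not visible here), the limit should leave room for that rounding. A regression test with an image whose required L1 size sits just above the new limit and expects `-EFBIG` would pin the fix down.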