author | Kevin Wolf <kwolf@redhat.com> | 2014-03-26 13:05:44 +0100 |
---|---|---|
committer | Stefan Hajnoczi <stefanha@redhat.com> | 2014-04-01 14:19:09 +0200 |
commit | 8c7de28305a514d7f879fdfc677ca11fbf60d2e9 (patch) | |
tree | ad8088d9fa966d5b154d3883ecd2c91128f89372 /tests | |
parent | 5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21 (diff) | |
qcow2: Validate refcount table offset
The end of the refcount table must not exceed INT64_MAX so that integer
overflows are avoided.
Also check for misaligned refcount table. Such images are invalid and
probably the result of data corruption. Error out to avoid further
corruption.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/qemu-iotests/080 | 13 | ||||
-rw-r--r-- | tests/qemu-iotests/080.out | 10 |
2 files changed, 23 insertions, 0 deletions
diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080
index 6179e0519f..f58ac736b7 100755
--- a/tests/qemu-iotests/080
+++ b/tests/qemu-iotests/080
@@ -45,6 +45,7 @@ _supported_os Linux
 header_size=104
 offset_backing_file_offset=8
+offset_refcount_table_offset=48
 offset_refcount_table_clusters=56
 offset_header_size=100
 offset_ext_magic=$header_size
@@ -76,6 +77,18 @@ poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\xff\xff\xff\xff"
 poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x02\x00\x01"
 { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
+echo
+echo "== Misaligned refcount table =="
+_make_test_img 64M
+poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
+{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
+
+echo
+echo "== Huge refcount offset =="
+_make_test_img 64M
+poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\xff\xff\xff\xff\xff\xff\x00\x00"
+poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x00\x00\x7f"
+{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 # success, all done
 echo "*** done"
diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out
index 6fef6d9892..f919b58d83 100644
--- a/tests/qemu-iotests/080.out
+++ b/tests/qemu-iotests/080.out
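Review bot: The "Huge refcount offset" case pokes an offset (`\xff\xff\xff\xff\xff\xff\x00\x00`) that is already above INT64_MAX on its own, so it does not pin the condition the commit message describes, where the end of the table (offset plus size) crosses INT64_MAX. A cluster-aligned offset just below the limit with the same table size would cover that boundary, for example an extra step `poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\x7f\xff\xff\xff\xff\xff\x00\x00"` followed by the same `read 0 512` line (value constructed for illustration; 080.out would need the matching expected lines). The validation code is outside this tests-only view, so whether it computes the table end without wrapping cannot be confirmed from here. Both new cases also expect the identical message "Invalid reference count table offset", so the reference output cannot show which of the two checks rejected the image.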
@@ -20,4 +20,14 @@ qemu-io: can't open device TEST_DIR/t.qcow2: Reference count table too large
 no file open, try 'help open'
 qemu-io: can't open device TEST_DIR/t.qcow2: Reference count table too large
 no file open, try 'help open'
+
+== Misaligned refcount table ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
+qemu-io: can't open device TEST_DIR/t.qcow2: Invalid reference count table offset
+no file open, try 'help open'
+
+== Huge refcount offset ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
+qemu-io: can't open device TEST_DIR/t.qcow2: Invalid reference count table offset
+no file open, try 'help open'
 *** done |