mirror_qemu/block
Kevin Wolf 2ebafc854d qcow2: Fix header extension size check
After reading the extension header, offset is incremented, but not
checked against end_offset any more. This way an integer overflow could
happen when checking whether the extension end is within the allowed
range, effectively disabling the check.

This patch adds the missing check and a test case for it.

Cc: qemu-stable@nongnu.org
Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416935562-7760-2-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
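The bug the commit message describes is an unsigned wrap in a bound check, so it is easiest to see with the arithmetic laid out. Below is an added example, not QEMU's code and not the patch itself: a small walker over a qcow2-style header-extension area held in memory (each extension is an 8-byte big-endian {magic, len} header followed by len data bytes padded to 8, magic 0 ends the list). The loop condition `offset < end_offset` does not guarantee that the 8-byte header ends before `end_offset`; once `offset` is incremented past the header, `end_offset - offset` wraps to a huge value and `len > end_offset - offset` can no longer reject anything, which is the disabled check the message refers to. The `fixed` flag adds the missing `offset > end_offset` test in front of it. Everything here is constructed: the `EXT_*` status codes, `read_extensions`, the 128-byte image, the bound of 68 chosen so the header straddles it, and the unknown magic `0x12345678`. `QCOW2_EXT_MAGIC_BACKING_FORMAT` (0xE2792ACA) is the real qcow2 value.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not QEMU's code: a minimal qcow2-style header-extension
 * walker over an in-memory image, with the bound check from the commit
 * message in its vulnerable form (fixed == 0) and with the added
 * "offset > end_offset" test (fixed != 0). */

#define QCOW2_EXT_MAGIC_END            0x00000000u
#define QCOW2_EXT_MAGIC_BACKING_FORMAT 0xE2792ACAu   /* real qcow2 value */

enum { EXT_OK = 0, EXT_TOO_LARGE = -1, EXT_SHORT_READ = -2 };  /* constructed */

struct ext_walk {
    int status;        /* EXT_* */
    int count;         /* extensions seen before the end marker */
    uint64_t data_end; /* furthest byte an extension body read would reach */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Walk the extension area img[offset, end_offset). */
static struct ext_walk read_extensions(const uint8_t *img, size_t img_size,
                                       uint64_t offset, uint64_t end_offset,
                                       int fixed)
{
    struct ext_walk w = { EXT_OK, 0, offset };

    while (offset < end_offset) {
        uint32_t magic, len;

        if (offset + 8 > img_size) {        /* stand-in for a failed pread */
            w.status = EXT_SHORT_READ;
            return w;
        }
        magic = be32(img + offset);
        len   = be32(img + offset + 4);
        offset += 8;                        /* offset now points at the body */

        /* offset < end_offset did not guarantee offset + 8 <= end_offset.
         * If the header straddled end_offset, the subtraction below wraps
         * to a huge uint64_t and no len is ever "too large". */
        if (fixed && offset > end_offset) {
            w.status = EXT_TOO_LARGE;
            return w;
        }
        if (len > end_offset - offset) {    /* the pre-existing check */
            w.status = EXT_TOO_LARGE;
            return w;
        }

        if (magic == QCOW2_EXT_MAGIC_END)
            return w;

        /* A real parser would pread len bytes here; we only record the reach. */
        w.count++;
        if (offset + len > w.data_end)
            w.data_end = offset + len;
        offset += ((uint64_t)len + 7) & ~(uint64_t)7;   /* bodies are 8-byte padded */
    }
    return w;
}

/* Constructed 128-byte image; bytes 0..63 stand in for the fixed header.
 * Well-formed area: backing-format "raw", then the end marker; bound 128. */
static struct ext_walk demo_good(int fixed)
{
    uint8_t img[128] = {0};
    put_be32(img + 64, QCOW2_EXT_MAGIC_BACKING_FORMAT);
    put_be32(img + 68, 3);
    memcpy(img + 72, "raw", 3);             /* padded to 8 -> next header at 80 */
    put_be32(img + 80, QCOW2_EXT_MAGIC_END);
    put_be32(img + 84, 0);
    return read_extensions(img, sizeof img, 64, 128, fixed);
}

/* Straddling header: bound 68 leaves only 4 bytes, but the loop still enters
 * at 64. A len of 4096 must be rejected; without the fix it is accepted. */
static struct ext_walk demo_straddle(int fixed)
{
    uint8_t img[128] = {0};
    put_be32(img + 64, 0x12345678u);        /* unknown magic, constructed */
    put_be32(img + 68, 4096);
    return read_extensions(img, sizeof img, 64, 68, fixed);
}

int main(void)
{
    struct ext_walk a = demo_good(1), b = demo_straddle(0), c = demo_straddle(1);
    printf("well-formed: status %d, %d ext, data_end %llu\n",
           a.status, a.count, (unsigned long long)a.data_end);
    printf("unfixed:     status %d, %d ext, data_end %llu (bound was 68)\n",
           b.status, b.count, (unsigned long long)b.data_end);
    printf("fixed:       status %d, %d ext\n", c.status, c.count);
    return 0;
}
```

In the unfixed run the straddling extension is accepted and its body read would reach byte 4168 of a 128-byte image whose extension area ends at 68; with the extra check the same input fails with `EXT_TOO_LARGE` before any body is touched, while the well-formed image parses identically in both modes.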
Makefile.objs qemu-img: Implement commit like QMP 2014-11-03 11:41:48 +00:00
accounting.c block: Make the block accounting functions operate on BlockAcctStats 2014-09-10 10:41:29 +02:00
archipelago.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
backup.c block: let backup blockjob run in BDS AioContext 2014-11-03 11:41:49 +00:00
blkdebug.c blkdebug: Simplify and improve filename generation 2014-12-10 10:31:11 +01:00
blkverify.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
block-backend.c block: Add blk_add_close_notifier() for BB 2014-12-10 10:31:12 +01:00
bochs.c block: Use g_new() & friends to avoid multiplying sizes 2014-08-20 11:51:28 +02:00
cloop.c cloop: Handle failure for potentially large allocations 2014-08-15 15:07:15 +02:00
commit.c block: let commit blockjob run in BDS AioContext 2014-11-03 11:41:49 +00:00
curl.c block/curl: Improve type safety of s->timeout. 2014-11-03 11:41:47 +00:00
dmg.c dmg: Handle failure for potentially large allocations 2014-08-15 15:07:15 +02:00
gluster.c block: don't convert file size to sector size 2014-09-12 15:43:06 +02:00
iscsi.c -----BEGIN PGP SIGNATURE----- 2014-11-03 18:34:09 +00:00
linux-aio.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
mirror.c block: let mirror blockjob run in BDS AioContext 2014-11-03 11:41:49 +00:00
nbd-client.c nbd: implement .bdrv_detach/attach_aio_context() 2014-06-04 09:56:11 +02:00
nbd-client.h nbd: implement .bdrv_detach/attach_aio_context() 2014-06-04 09:56:11 +02:00
nbd.c nbd: Fix filename generation 2014-10-20 13:41:26 +02:00
nfs.c block: round up file size to nearest sector 2014-09-12 15:43:06 +02:00
null.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
parallels.c block/parallels: fix access to not initialized memory in catalog_bitmap 2014-11-03 09:48:41 +00:00
qapi.c block/qapi: Add cache information to query-block 2014-12-10 10:31:09 +01:00
qcow.c block: Eliminate BlockDriverState member device_name[] 2014-10-20 13:41:26 +02:00
qcow2-cache.c qcow2: Use g_try_new0() for cache array 2014-08-20 11:51:28 +02:00
qcow2-cluster.c block/qcow2: Simplify shared L2 handling in amend 2014-11-03 11:41:49 +00:00
qcow2-refcount.c block/qcow2: Make get_refcount() global 2014-11-03 11:41:49 +00:00
qcow2-snapshot.c qcow2: Allow "full" discard 2014-11-03 11:41:47 +00:00
qcow2.c qcow2: Fix header extension size check 2014-12-10 10:31:13 +01:00
qcow2.h block/qcow2: Make get_refcount() global 2014-11-03 11:41:49 +00:00
qed-check.c block: Use g_new() & friends to avoid multiplying sizes 2014-08-20 11:51:28 +02:00
qed-cluster.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-gencb.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
qed-l2-cache.c qed: do not evict in-use L2 table cache entries 2012-03-12 15:14:06 +01:00
qed-table.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
qed.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
qed.h block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
quorum.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
raw-aio.h block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
raw-posix.c block/raw-posix: Catch fsync() errors 2014-11-18 12:09:00 +01:00
raw-win32.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
raw_bsd.c raw: Prohibit dangerous writes for probed images 2014-12-10 10:31:13 +01:00
rbd.c rbd: Add support for bdrv_invalidate_cache 2014-11-03 09:48:41 +00:00
sheepdog.c block: Rename BlockDriverAIOCB* to BlockAIOCB* 2014-10-20 13:41:27 +02:00
snapshot.c snapshot: add bdrv_drain_all() to bdrv_snapshot_delete() to avoid concurrency problem 2014-11-03 09:48:42 +00:00
ssh.c ssh: Don't crash if either host or path is not specified. 2014-10-03 10:30:33 +01:00
stream.c block: let stream blockjob run in BDS AioContext 2014-11-03 11:41:49 +00:00
vdi.c block/vdi: Limit maximum size even futher 2014-11-09 23:39:50 +01:00
vhdx-endian.c block: VHDX endian fixes 2014-08-15 15:07:14 +02:00
vhdx-log.c block: Drop some superfluous casts from void * 2014-08-20 11:51:28 +02:00
vhdx.c block: Eliminate BlockDriverState member device_name[] 2014-10-20 13:41:26 +02:00
vhdx.h block: VHDX endian fixes 2014-08-15 15:07:14 +02:00
vmdk.c vmdk: Leave bdi intact if -ENOTSUP in vmdk_get_info 2014-11-14 09:20:45 +00:00
vpc.c block: Eliminate BlockDriverState member device_name[] 2014-10-20 13:41:26 +02:00
vvfat.c block: Eliminate BlockDriverState member device_name[] 2014-10-20 13:41:26 +02:00
win32-aio.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00