qcow2: Reject too large header extensions
Image files that make qemu-img info read several gigabytes into the unknown header extensions list are bad. Just fail opening the image if an extension claims to be larger than the header extension area. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
This commit is contained in:
parent
fd29b4bbef
commit
64ca6aee4f
@ -108,6 +108,11 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
|
|||||||
#ifdef DEBUG_EXT
|
#ifdef DEBUG_EXT
|
||||||
printf("ext.magic = 0x%x\n", ext.magic);
|
printf("ext.magic = 0x%x\n", ext.magic);
|
||||||
#endif
|
#endif
|
||||||
|
if (ext.len > end_offset - offset) {
|
||||||
|
error_report("Header extension too large");
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
switch (ext.magic) {
|
switch (ext.magic) {
|
||||||
case QCOW2_EXT_MAGIC_END:
|
case QCOW2_EXT_MAGIC_END:
|
||||||
return 0;
|
return 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user