qemu-e2k/block
Kevin Wolf 5dae6e30c5 qcow2: Limit snapshot table size
Even with a limit of 64k snapshots, each snapshot could have a filename
and an ID with up to 64k, which would still lead to pretty large
allocations, which could potentially lead to qemu aborting. Limit the
total size of the snapshot table to an average of 1k per entry when
the limit of 64k snapshots is fully used. This should be plenty for any
reasonable user.

This also fixes potential integer overflows of s->snapshot_size.

Suggested-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
..
backup.c block: Switch BdrvTrackedRequest to byte granularity 2014-01-24 17:40:02 +01:00
blkdebug.c block: Remove bdrv_open_image()'s force_raw option 2014-02-21 21:02:22 +01:00
blkverify.c block: Rewrite the snapshot authorization mechanism for block filters. 2014-03-13 14:23:27 +01:00
bochs.c bochs: Fix bitmap offset calculation 2014-04-01 13:59:47 +02:00
cloop.c block/cloop: fix offsets[] size off-by-one 2014-04-01 13:59:47 +02:00
commit.c commit: Remove unused check 2013-12-20 16:26:16 +01:00
cow.c block: do not abuse EMEDIUMTYPE 2014-02-21 21:02:24 +01:00
curl.c curl: check data size before memcpy to local buffer. (CVE-2014-0144) 2014-04-01 14:19:09 +02:00
dmg.c dmg: prevent chunk buffer overflow (CVE-2014-0145) 2014-04-01 15:22:35 +02:00
gluster.c Fixed various typos 2014-03-25 14:09:50 +01:00
iscsi.c iscsi: Use bs->sg for everything else than disks 2014-03-05 16:58:20 +01:00
linux-aio.c aio: drop io_flush argument 2013-08-19 15:52:19 +02:00
Makefile.objs Block patches 2014-02-25 10:50:11 +00:00
mirror.c mirror: fix early wake from sleep due to aio 2014-03-25 14:09:50 +01:00
nbd-client.c nbd: close socket if connection breaks 2014-03-14 16:28:28 +01:00
nbd-client.h nbd: pass export name as init argument 2013-12-16 10:12:20 +01:00
nbd.c nbd: correctly propagate errors 2014-02-21 21:02:22 +01:00
nfs.c block/nfs: report errors from libnfs 2014-03-19 09:39:41 +01:00
parallels.c block: do not abuse EMEDIUMTYPE 2014-02-21 21:02:24 +01:00
qapi.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
qcow2-cache.c qcow2: Use negated overflow check mask 2013-10-11 16:50:00 +02:00
qcow2-cluster.c qcow2: Fix copy_sectors() with VM state 2014-04-01 15:22:35 +02:00
qcow2-refcount.c qcow2: Protect against some integer overflows in bdrv_check 2014-04-01 15:22:35 +02:00
qcow2-snapshot.c qcow2: Limit snapshot table size 2014-04-01 15:22:35 +02:00
qcow2.c qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) 2014-04-01 15:22:35 +02:00
qcow2.h qcow2: Limit snapshot table size 2014-04-01 15:22:35 +02:00
qcow.c Fixed various typos 2014-03-25 14:09:50 +01:00
qed-check.c
qed-cluster.c
qed-gencb.c
qed-l2-cache.c
qed-table.c
qed.c block: Add error handling to bdrv_invalidate_cache() 2014-03-19 09:39:41 +01:00
qed.h block: qed - use QEMU_PACKED for on-disk structures 2013-09-25 20:51:15 +02:00
quorum.c block: Add error handling to bdrv_invalidate_cache() 2014-03-19 09:39:41 +01:00
raw_bsd.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
raw-aio.h raw-posix: add support for write_zeroes on XFS and block devices 2013-12-03 15:26:49 +01:00
raw-posix.c block/raw-posix: Strip protocol prefix on creation 2014-03-13 14:42:25 +01:00
raw-win32.c block/raw-win32: bdrv_parse_filename() for hdev 2014-03-13 14:42:25 +01:00
rbd.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
sheepdog.c Fixed various typos 2014-03-25 14:09:50 +01:00
snapshot.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
ssh.c bdrv: Use "Error" for creating images 2013-09-12 10:12:48 +02:00
stream.c block: Update BlockLimits when they might have changed 2014-01-24 17:40:01 +01:00
vdi.c vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144) 2014-04-01 14:06:31 +02:00
vhdx-endian.c block: vhdx - move more endian translations to vhdx-endian.c 2013-11-07 13:58:59 +01:00
vhdx-log.c Fixed various typos 2014-03-25 14:09:50 +01:00
vhdx.c vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148) 2014-04-01 14:19:09 +02:00
vhdx.h block: Explicitly specify 'unsigned long long' for VHDX 64-bit constants 2014-03-14 16:25:24 +01:00
vmdk.c block/vmdk: do not report file offset for compressed extents 2014-02-28 18:59:07 +01:00
vpc.c vpc: Validate block size (CVE-2014-0142) 2014-04-01 13:59:47 +02:00
vvfat.c vvfat: Fix :floppy: option to suppress partition table 2014-04-01 13:49:53 +02:00
win32-aio.c win32-aio: drop win32_aio_flush_cb() 2013-08-22 22:05:04 +02:00