qemu/block
Kevin Wolf 7159a45b2b qcow1: Check maximum cluster size
Huge values for header.cluster_bits cause unbounded allocations (e.g.
for s->cluster_cache) and crash qemu this way. Less huge values may
survive those allocations, but can cause integer overflows later on.

The only cluster sizes that qemu can create are 4k (for standalone
images) and 512 (for images with backing files), so we can limit it
to 64k.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-05-19 11:36:49 +02:00
backup.c block: Switch BdrvTrackedRequest to byte granularity 2014-01-24 17:40:02 +01:00
blkdebug.c block: Remove bdrv_open_image()'s force_raw option 2014-02-21 21:02:22 +01:00
blkverify.c block: Rewrite the snapshot authorization mechanism for block filters. 2014-03-13 14:23:27 +01:00
bochs.c block/bochs: Fix error handling for seek_to_sector() 2014-04-30 14:46:17 +02:00
cloop.c block/cloop: use PRIu32 format specifier for uint32_t 2014-04-23 11:34:10 +02:00
commit.c qerror.h: Remove QERR defines that are only used once 2014-04-25 09:19:59 -04:00
cow.c block: Use correct width in format strings 2014-04-30 14:46:17 +02:00
curl.c curl: Add sslverify option 2014-05-19 11:36:49 +02:00
dmg.c block: Use correct width in format strings 2014-04-30 14:46:17 +02:00
gluster.c gluster: Correctly propagate errors when volume isn't accessible 2014-05-09 20:57:32 +02:00
iscsi.c block/iscsi: bump year in copyright notice 2014-05-09 13:32:16 +02:00
linux-aio.c aio: drop io_flush argument 2013-08-19 15:52:19 +02:00
Makefile.objs Block patches 2014-02-25 10:50:11 +00:00
mirror.c mirror: Check for bdrv_get_info result 2014-04-29 13:43:08 +02:00
nbd-client.c nbd: close socket if connection breaks 2014-03-14 16:28:28 +01:00
nbd-client.h nbd: pass export name as init argument 2013-12-16 10:12:20 +01:00
nbd.c nbd: Use return values instead of error_is_set(errp) 2014-04-25 18:05:06 +02:00
nfs.c block/nfs: Check for NULL server part 2014-05-09 13:32:16 +02:00
parallels.c parallels: Sanity check for s->tracks (CVE-2014-0142) 2014-04-01 15:22:35 +02:00
qapi.c block: Use error_abort in bdrv_image_info_specific_dump() 2014-04-30 12:43:30 +02:00
qcow2-cache.c qcow2: Use negated overflow check mask 2013-10-11 16:50:00 +02:00
qcow2-cluster.c qcow2: Check min_size in qcow2_grow_l1_table() 2014-04-30 14:46:17 +02:00
qcow2-refcount.c qcow2: Fix alloc_clusters_noref() overflow detection 2014-05-09 13:32:16 +02:00
qcow2-snapshot.c qcow2: Limit snapshot table size 2014-04-01 15:22:35 +02:00
qcow2.c block: Use correct width in format strings 2014-04-30 14:46:17 +02:00
qcow2.h qcow2: Limit snapshot table size 2014-04-01 15:22:35 +02:00
qcow.c qcow1: Check maximum cluster size 2014-05-19 11:36:49 +02:00
qed-check.c qed: mark image clean after repair succeeds 2012-08-10 10:25:12 +02:00
qed-cluster.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-gencb.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-l2-cache.c qed: do not evict in-use L2 table cache entries 2012-03-12 15:14:06 +01:00
qed-table.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qed.c convert fprintf() calls to error_setg() in block/qed.c:bdrv_qed_create() 2014-04-22 11:57:02 +02:00
qed.h block: qed - use QEMU_PACKED for on-disk structures 2013-09-25 20:51:15 +02:00
quorum.c Use error_is_set() only when necessary (again) 2014-04-25 18:05:06 +02:00
raw_bsd.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
raw-aio.h raw-posix: add support for write_zeroes on XFS and block devices 2013-12-03 15:26:49 +01:00
raw-posix.c block/raw-posix: Try both FIEMAP and SEEK_HOLE 2014-05-09 20:57:32 +02:00
raw-win32.c block: Unlink temporary files in raw-posix/win32 2014-04-30 11:05:00 +02:00
rbd.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
sheepdog.c block: Use correct width in format strings 2014-04-30 14:46:17 +02:00
snapshot.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
ssh.c bdrv: Use "Error" for creating images 2013-09-12 10:12:48 +02:00
stream.c block: Update BlockLimits when they might have changed 2014-01-24 17:40:01 +01:00
vdi.c block/vdi: Error out immediately in vdi_create() 2014-04-30 14:46:17 +02:00
vhdx-endian.c block: vhdx - move more endian translations to vhdx-endian.c 2013-11-07 13:58:59 +01:00
vhdx-log.c Fixed various typos 2014-03-25 14:09:50 +01:00
vhdx.c block: vhdx - account for identical header sections 2014-05-19 11:36:48 +02:00
vhdx.h block: Explicitly specify 'unsigned long long' for VHDX 64-bit constants 2014-03-14 16:25:24 +01:00
vmdk.c vmdk: Implement .bdrv_get_info() 2014-05-09 13:32:16 +02:00
vpc.c vpc: Validate block size (CVE-2014-0142) 2014-04-01 13:59:47 +02:00
vvfat.c block: Add errp to bdrv_new() 2014-04-22 12:00:20 +02:00
win32-aio.c win32-aio: drop win32_aio_flush_cb() 2013-08-22 22:05:04 +02:00