qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143)

This ensures that the checks catch all invalid cluster indexes instead of returning the refcount of a wrong cluster. Signed-off-by: N Kevin Wolf <kwolf@redhat.com> Reviewed-by: N Max Reitz <mreitz@redhat.com> Signed-off-by: N Stefan Hajnoczi <stefanha@redhat.com>

qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143)
This ensures that the checks catch all invalid cluster indexes instead of returning the refcount of a wrong cluster. Signed-off-by: N Kevin Wolf <kwolf@redhat.com> Reviewed-by: N Max Reitz <mreitz@redhat.com> Signed-off-by: N Stefan Hajnoczi <stefanha@redhat.com>
db8a31d1 · Kevin Wolf · Stefan Hajnoczi · b106ad91 · db8a31d1
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

block/qcow2-refcount.c block/qcow2-refcount.c +1 -1

未找到文件。
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -89,7 +89,7 @@ static int load_refcount_block(BlockDriverState *bs,
 static int get_refcount(BlockDriverState *bs, int64_t cluster_index)
 {
    BDRVQcowState *s = bs->opaque;
-    int refcount_table_index, block_index;
+    uint64_t refcount_table_index, block_index;
    int64_t refcount_block_offset;
    int ret;
    uint16_t *refcount_block;