From: Denis Rastyogin <ger...@altlinux.org> This error was discovered by fuzzing qemu-img.
The qcow2_refresh_limits() is missing a check for the s->crypto pointer, which can lead to a null pointer dereference. This commit adds the necessary check. Reported-by: Leonid Reviakin <l.revia...@fobos-nt.ru> Signed-off-by: Denis Rastyogin <ger...@altlinux.org> --- block/qcow2.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/block/qcow2.c b/block/qcow2.c index dd6bcafbd8..55861a285a 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1978,6 +1978,10 @@ static void qcow2_refresh_limits(BlockDriverState *bs, Error **errp) if (bs->encrypted) { /* Encryption works on a sector granularity */ + if (!s->crypto) { + error_setg(errp, "Encryption context is missing"); + return; + } bs->bl.request_alignment = qcrypto_block_get_sector_size(s->crypto); } bs->bl.pwrite_zeroes_alignment = s->subcluster_size; -- 2.42.2
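Review bot: the new `if (!s->crypto)` guard is placed correctly, immediately before the only use of `s->crypto` in this function, but the commit message gives no indication of how `bs->encrypted` can be true while `s->crypto` is NULL; please describe the image or open/reopen path that the fuzzer hit, because a NULL check at the point of use prevents the dereference without addressing whatever left the driver state inconsistent earlier, and a reviewer needs that to decide whether a second fix belongs in the open path. Two smaller points: the early `return` leaves `bs->bl.request_alignment` and the later `pwrite_zeroes_alignment` assignment untouched, which is fine only because `errp` is set and callers must treat the limits as invalid, so a short comment above the check saying that the failure is reported rather than silently falling back to an unaligned default would help; and the error text "Encryption context is missing" does not identify the image, so including `bs->filename` in the `error_setg()` would make the fuzzing case diagnosable from the message alone.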