Add an assertion to alloc_refcount_block which catches an array index being out of bounds; this may occur if cluster_index is much too high (exceeding the image size). This in turn can be caused for instance by snapshotting a corrupted image (i.e., corrupted L2 tables).
Signed-off-by: Max Reitz <mre...@redhat.com> --- block/qcow2-refcount.c | 1 + 1 file changed, 1 insertion(+) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 4264148..80da2ff 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -341,6 +341,7 @@ static int alloc_refcount_block(BlockDriverState *bs, /* Fill the new refcount table */ memcpy(new_table, s->refcount_table, s->refcount_table_size * sizeof(uint64_t)); + assert(refcount_table_index < table_size); new_table[refcount_table_index] = new_block; int i; -- 1.8.3.1
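Review bot: the added `assert(refcount_table_index < table_size);` turns a condition that, per the commit message, can be reached from a corrupted image (bad L2 tables during snapshotting) into an abort of the whole process, and it disappears entirely under NDEBUG, leaving the out-of-bounds store `new_table[refcount_table_index] = new_block;` in release builds. Since the trigger is untrusted input rather than a broken internal invariant, consider returning an error to the caller instead (for example, fail with -EIO, or -EFBIG when cluster_index exceeds the image size, and mark the image corrupt) so a damaged guest image cannot crash the host process; if the assert is kept as a belt-and-braces check, it should also be documented as such in a short comment above it, and the bounds problem should still be rejected with a proper error path before this point.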