On 12/27/2014 10:01 AM, Peter Wu wrote:
Previously the chunk size was not checked, allowing for a large memory allocation. This patch checks whether the chunks size is within the resource fork length. Signed-off-by: Peter Wu <pe...@lekensteyn.nl> --- block/dmg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/dmg.c b/block/dmg.c index 75e771a..19e4fe2 100644 --- a/block/dmg.c +++ b/block/dmg.c @@ -308,7 +308,7 @@ static int dmg_read_resource_fork(BlockDriverState *bs, DmgHeaderState *ds, ret = read_uint32(bs, offset, &count); if (ret < 0) { goto fail; - } else if (count == 0) { + } else if (count == 0 || count > info_end - offset) { ret = -EINVAL; goto fail; }
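Review bot: The new bound "count > info_end - offset" is computed while offset still points at the 32-bit count field that read_uint32(bs, offset, &count) has just read, so if the chunk data begins after that field, a count of exactly info_end - offset still extends 4 bytes past info_end. Consider checking against the space left after the length field (for instance "count > info_end - offset - 4", or doing the comparison once offset has been advanced). Also confirm that offset <= info_end is guaranteed at this point, since with unsigned operands the subtraction would wrap and the check would accept any count. The commit message could also say why this bound is tight enough to rule out the large allocation it mentions.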
As mentioned already, please squash your latest changes in your git repository into this patch for v2.