On 12/27/2014 10:01 AM, Peter Wu wrote:
Previously the chunk size was not checked, allowing for a large memory
allocation. This patch checks whether the chunks size is within the
resource fork length.
Signed-off-by: Peter Wu <pe...@lekensteyn.nl>
---
block/dmg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/dmg.c b/block/dmg.c
index 75e771a..19e4fe2 100644
--- a/block/dmg.c
+++ b/block/dmg.c
@@ -308,7 +308,7 @@ static int dmg_read_resource_fork(BlockDriverState *bs,
DmgHeaderState *ds,
ret = read_uint32(bs, offset, &count);
if (ret < 0) {
goto fail;
- } else if (count == 0) {
+ } else if (count == 0 || count > info_end - offset) {
ret = -EINVAL;
goto fail;
}
As mentioned already, please squash your latest changes in your git
repository into this patch for v2.
