On 07/27/2016 07:01 PM, Denis V. Lunev wrote:
From: Klim Kireev <spr...@linux.com>
Before this patch incorrect image could be created via qemu-img
(Example: qemu-img create -f parallels -o size=4096T hack.img),
incorrect images cannot be used due to overflow in main image structure.
This patch add check of size in image creation.
After reading size it compare it with UINT32_MAX * cluster_size.
Signed-off-by: Klim Kireev <pro...@virtuozzo.mipt.com>
Signed-off-by: Denis V. Lunev <d...@openvz.org>
CC: Stefan Hajnoczi <stefa...@redhat.com>
---
block/parallels.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/block/parallels.c b/block/parallels.c
index 807a801..a0bc95b 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -43,6 +43,7 @@
#define HEADER_MAGIC2 "WithouFreSpacExt"
#define HEADER_VERSION 2
#define HEADER_INUSE_MAGIC (0x746F6E59)
+#define MAX_PARALLELS_IMAGE_FACTOR (1ull << 32)
#define DEFAULT_CLUSTER_SIZE 1048576 /* 1 MiB */
@@ -475,6 +476,10 @@ static int parallels_create(const char *filename, QemuOpts *opts, Error **errp)
BDRV_SECTOR_SIZE);
cl_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_CLUSTER_SIZE,
DEFAULT_CLUSTER_SIZE), BDRV_SECTOR_SIZE);
+ if (total_size >= MAX_PARALLELS_IMAGE_FACTOR * cl_size) {
+ error_propagate(errp, local_err);
+ return -E2BIG;
+ }
ret = bdrv_create_file(filename, opts, &local_err);
if (ret < 0) {
pls drop this. I have to resubmit it.
