On 2017-11-10 21:31, Max Reitz wrote:
> This series contains fixes for another batch of qcow2-related crashes
> reported on Launchpad by Nageswara (the first batch was
> http://lists.nongnu.org/archive/html/qemu-block/2017-11/msg00082.html by
> Berto).
>
> Patch 4 fixes an out-of-bounds array access in memory which is not
> really a security issue for multiple reasons (really, at most you can
> read eight bytes from somewhere with an extremely high chance of
> crashing qemu and requiring the user to invoke a block_resize shrinking
> the qcow2 image (and also reset some bit in the image from 1 to 0, but
> only if the overlap checks don't catch you)), but most importantly that
> code hasn't been in 2.10, so we're fine.
>
>
> Max Reitz (5):
>   qcow2: check_errors are fatal
>   qcow2: Unaligned zero cluster in handle_alloc()
>   block: Guard against NULL bs->drv
>   qcow2: Add bounds check to get_refblock_offset()
>   qcow2: Refuse to get unaligned offsets from cache
>
>  block/qcow2.h              |   6 ---
>  block.c                    |  19 ++++++-
>  block/io.c                 |  36 +++++++++++++
>  block/qapi.c               |   8 ++-
>  block/qcow2-cache.c        |  21 ++++++++
>  block/qcow2-cluster.c      |  13 ++++-
>  block/qcow2-refcount.c     |  26 +++++++++-
>  block/qcow2.c              |   5 +-
>  block/replication.c        |  15 ++++++
>  block/vvfat.c              |   2 +-
>  tests/qemu-iotests/060     | 125 +++++++++++++++++++++++++++++++++++++++++++++
>  tests/qemu-iotests/060.out | 115 +++++++++++++++++++++++++++++++++++++++++
>  12 files changed, 379 insertions(+), 12 deletions(-)
Applied to my block tree: https://github.com/XanClic/qemu/commits/block

Max