[Qemu-devel] [PATCH for-2.0 06/47] block/cloop: refuse images with bogus offsets (CVE-2014-0144)

2014-03-26 Thread Stefan Hajnoczi
The offsets[] array allows efficient seeking and tells us the maximum compressed data size. If the offsets are bogus the maximum compressed data size will be unrealistic. This could cause g_malloc() to abort and bogus offsets mean the image is broken anyway. Therefore we should refuse such

Re: [Qemu-devel] [PATCH for-2.0 06/47] block/cloop: refuse images with bogus offsets (CVE-2014-0144)

2014-03-26 Thread Max Reitz
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
> The offsets[] array allows efficient seeking and tells us the maximum compressed data size. If the offsets are bogus the maximum compressed data size will be unrealistic. This could cause g_malloc() to abort and bogus offsets mean the image is broken