This series contains fixes for another batch of qcow2-related crashes reported on Launchpad by Nageswara (the first batch was http://lists.nongnu.org/archive/html/qemu-block/2017-11/msg00082.html by Berto).

Patch 4 fixes an out-of-bounds array access in memory which is not really a security issue for multiple reasons (really, at most you can read eight bytes from somewhere with an extremely high chance of crashing qemu and requiring the user to invoke a block_resize shrinking the qcow2 image (and also reset some bit in the image from 1 to 0, but only if the overlap checks don't catch you)), but most importantly that code hasn't been in 2.10, so we're fine.

Max Reitz (5):
  qcow2: check_errors are fatal
  qcow2: Unaligned zero cluster in handle_alloc()
  block: Guard against NULL bs->drv
  qcow2: Add bounds check to get_refblock_offset()
  qcow2: Refuse to get unaligned offsets from cache

 block/qcow2.h              |   6 ---
 block.c                    |  19 ++++++-
 block/io.c                 |  36 +++++++++++++
 block/qapi.c               |   8 ++-
 block/qcow2-cache.c        |  21 ++++++++
 block/qcow2-cluster.c      |  13 ++++-
 block/qcow2-refcount.c     |  26 +++++++++-
 block/qcow2.c              |   5 +-
 block/replication.c        |  15 ++++++
 block/vvfat.c              |   2 +-
 tests/qemu-iotests/060     | 125 +++++++++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/060.out | 115 +++++++++++++++++++++++++++++++++++++++++
 12 files changed, 379 insertions(+), 12 deletions(-)

-- 
2.13.6
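The bounds-check problem behind patch 4, as an added illustration that is not QEMU's code: a simplified, hypothetical model of a refcount table lookup in which an index computed from an image offset can land past the end of a table that was shrunk (e.g. by block_resize), so the unchecked variant reads eight bytes beyond the allocation while the checked variant refuses the index. The struct, function names and the two-entry sample table are constructed for this example; the index arithmetic follows the qcow2 layout (refcount_block_entries = cluster_size * 8 / refcount_bits).

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical, trimmed-down image state (not QEMU's BDRVQcow2State). */
typedef struct {
    uint64_t *refcount_table;     /* one 8-byte entry per refcount block */
    uint64_t refcount_table_size; /* number of entries in the table      */
    uint64_t cluster_size;
    unsigned refcount_bits;
} SampleState;

/* Unchecked lookup: an index >= refcount_table_size reads eight bytes of
 * whatever happens to follow the table in memory (the defect class). */
static uint64_t get_refblock_offset_unchecked(const SampleState *s, uint64_t index)
{
    return s->refcount_table[index];
}

/* Checked lookup: reject indices outside the table instead of reading past it. */
static bool get_refblock_offset_checked(const SampleState *s, uint64_t index, uint64_t *out)
{
    if (index >= s->refcount_table_size) {
        return false;
    }
    *out = s->refcount_table[index];
    return true;
}

/* Table index covering a given host offset, per the qcow2 layout. */
static uint64_t refcount_table_index_for(const SampleState *s, uint64_t offset)
{
    uint64_t entries_per_block = s->cluster_size * 8 / s->refcount_bits;
    return (offset / s->cluster_size) / entries_per_block;
}

/* Constructed sample: 64 KiB clusters, 16-bit refcounts, a table that was
 * shrunk to two entries, so it only covers the first 2 * 32768 clusters. */
static uint64_t sample_table[2] = { 0x10000, 0x20000 };
static const SampleState sample_state = { sample_table, 2, 65536, 16 };

/* Returns the refblock offset for a host offset, or 0 if the computed
 * table index is out of bounds (the case the checked lookup rejects). */
static uint64_t sample_lookup(uint64_t offset)
{
    uint64_t refblock = 0;
    uint64_t index = refcount_table_index_for(&sample_state, offset);
    return get_refblock_offset_checked(&sample_state, index, &refblock) ? refblock : 0;
}
```

The unchecked function is kept only to show what the guard replaces; with the sample table, an offset of 0x100000000 yields index 2 and the checked path refuses it rather than touching sample_table[2].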