Re: [Qemu-block] [PATCH 0/4] Misc qcow2 corruption checks
On Thu 02 Nov 2017 06:24:40 PM CET, Max Reitz wrote:
> There are two more cases which might need a check that the return
> value of an allocation function isn't 0:
>
> The first is qcow2_alloc_bytes() which has an assert(offset) after
> potentially setting offset = new_cluster (with new_cluster being the
> return value of alloc_clusters_noref()).

Ok. I don't know how to reproduce it, though, but a check won't hurt.

> The second is qcow2_crypto_hdr_init_func() which is simply missing a
> pre-write overlap check.

But that is called when you create a new image, i.e., this is not QEMU
handling a corrupted image incorrectly, but QEMU itself trying to create
a corrupted image.

I'd rather use

  assert(qcow2_pre_write_overlap_check(...) == 0);

Berto
Re: [Qemu-block] [PATCH 0/4] Misc qcow2 corruption checks
On 2017-11-01 16:42, Alberto Garcia wrote:
> Misc qcow2 corruption checks
>
> This series contains a few checks that prevent QEMU from crashing
> under some scenarios with corrupted qcow2 images.
>
> The first patch solves the crash reported here:
>
> https://bugs.launchpad.net/qemu/+bug/1728615
>
> And the others solve similar crashes that I detected in the process of
> fixing this one.
>
> Regards,
>
> Berto

There are two more cases which might need a check that the return value
of an allocation function isn't 0:

The first is qcow2_alloc_bytes() which has an assert(offset) after
potentially setting offset = new_cluster (with new_cluster being the
return value of alloc_clusters_noref()).

The second is qcow2_crypto_hdr_init_func() which is simply missing a
pre-write overlap check.

The rest (besides L2 table and refblock allocation) should be guarded by
the pre-write overlap check.

Do you want to fix these or do we need another volunteer? :-)

Max
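As an added example that is not part of this thread or of QEMU's own code, here is a toy C model of the two checks Max describes: a refcount-driven allocator that, on a corrupted image, can hand out offset 0 (the header cluster), a caller that treats that as -EIO instead of asserting or writing over the header, and a pre-write overlap check in the spirit of qcow2_pre_write_overlap_check() that refuses writes landing on known metadata. All toy_* names, the three-cluster metadata layout and the constructed corruptions are assumptions of the example, not QEMU structures.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, not QEMU code: just enough qcow2 structure to show why an
 * allocator returning offset 0 signals corruption, and how a pre-write
 * overlap check catches writes aimed at metadata. */

#define CLUSTER_BITS 16
#define CLUSTER_SIZE ((uint64_t)1 << CLUSTER_BITS)
#define NUM_CLUSTERS 8

typedef struct {
    /* One refcount per cluster (real qcow2 keeps these in refcount blocks). */
    uint16_t refcount[NUM_CLUSTERS];
    /* Metadata areas that a write must never overlap. */
    struct { uint64_t offset, size; } metadata[4];
    int nb_metadata;
} ToyImage;

/* Constructed image layouts used below (assumed for this example). */
enum { TOY_CONSISTENT, TOY_HEADER_FREE, TOY_REFTABLE_FREE };

static void toy_image_init(ToyImage *img, int layout)
{
    memset(img, 0, sizeof(*img));
    /* Clusters 0, 1 and 2 hold the header, refcount table and L1 table. */
    for (int i = 0; i < 3; i++) {
        img->refcount[i] = 1;
        img->metadata[i].offset = i * CLUSTER_SIZE;
        img->metadata[i].size = CLUSTER_SIZE;
    }
    img->nb_metadata = 3;
    /* Corruption: a refcount claims a metadata cluster is free. */
    if (layout == TOY_HEADER_FREE)   img->refcount[0] = 0; /* header "free" */
    if (layout == TOY_REFTABLE_FREE) img->refcount[1] = 0; /* reftable "free" */
}

/* Byte offset of the first cluster with refcount 0, or -ENOSPC. On a
 * consistent image the header has refcount 1, so this never yields 0;
 * on a corrupted image it can. */
static int64_t toy_alloc_clusters_noref(const ToyImage *img)
{
    for (int i = 0; i < NUM_CLUSTERS; i++) {
        if (img->refcount[i] == 0) {
            return (int64_t)i << CLUSTER_BITS;
        }
    }
    return -ENOSPC;
}

/* 0 if [offset, offset+size) touches no metadata, -EIO if it does.
 * Same idea as qcow2_pre_write_overlap_check(). */
static int toy_pre_write_overlap_check(const ToyImage *img,
                                       uint64_t offset, uint64_t size)
{
    for (int i = 0; i < img->nb_metadata; i++) {
        uint64_t start = img->metadata[i].offset;
        uint64_t end = start + img->metadata[i].size;
        if (offset < end && offset + size > start) {
            return -EIO;
        }
    }
    return 0;
}

/* Allocate a cluster for an L2 table with both guards in place. */
static int64_t toy_alloc_l2_table(ToyImage *img)
{
    int64_t offset = toy_alloc_clusters_noref(img);
    if (offset < 0) {
        return offset;
    }
    /* Offset 0 is the header, so the refcounts are lying: fail the
     * request rather than assert or overwrite the header. */
    if (offset == 0) {
        return -EIO;
    }
    int ret = toy_pre_write_overlap_check(img, (uint64_t)offset, CLUSTER_SIZE);
    if (ret < 0) {
        return ret;
    }
    img->refcount[offset >> CLUSTER_BITS] = 1;
    return offset;
}

int main(void)
{
    for (int layout = TOY_CONSISTENT; layout <= TOY_REFTABLE_FREE; layout++) {
        ToyImage img;
        toy_image_init(&img, layout);
        int64_t r = toy_alloc_l2_table(&img);
        printf("layout %d -> %s\n", layout, r < 0 ? strerror((int)-r) : "allocated");
    }
    return 0;
}
```

On the consistent layout the L2 table lands in cluster 3; with the header marked free the offset-0 guard fails the allocation, and with the refcount table marked free the overlap check does, so neither corruption reaches a write.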
[Qemu-block] [PATCH 0/4] Misc qcow2 corruption checks
Misc qcow2 corruption checks

This series contains a few checks that prevent QEMU from crashing
under some scenarios with corrupted qcow2 images.

The first patch solves the crash reported here:

https://bugs.launchpad.net/qemu/+bug/1728615

And the others solve similar crashes that I detected in the process of
fixing this one.

Regards,

Berto

Alberto Garcia (4):
  qcow2: Prevent allocating refcount blocks at offset 0
  qcow2: Prevent allocating L2 tables at offset 0
  qcow2: Don't open images with header.refcount_table_clusters == 0
  qcow2: Add iotest for an empty refcount table

 block/qcow2-cluster.c      |  7 +++
 block/qcow2-refcount.c     |  7 +++
 block/qcow2.c              |  6 ++
 tests/qemu-iotests/060     | 32
 tests/qemu-iotests/060.out | 25 +
 5 files changed, 77 insertions(+)

-- 
2.11.0