Message ID | 1469639300-12155-1-git-send-email-den@openvz.org (mailing list archive) |
---|---|
State | New, archived |

On Wed, Jul 27, 2016 at 08:08:20PM +0300, Denis V. Lunev wrote:
> From: Klim Kireev <proffk@virtuozzo.mipt.com>
>
> Before this patch incorrect image could be created via qemu-img
> (Example: qemu-img create -f parallels -o size=4096T hack.img),
> incorrect images cannot be used due to overflow in main image structure.
>
> This patch add check of size in image creation.
>
> After reading size it compare it with UINT32_MAX * cluster_size.
>
> Signed-off-by: Klim Kireev <proffk@virtuozzo.mipt.com>
> Signed-off-by: Denis V. Lunev <den@openvz.org>
> CC: Stefan Hajnoczi <stefanha@redhat.com>
> ---
> changes from v1:
> - fixed from: to be virtuozzo.mipt.com to match Signed-off-by
>
> block/parallels.c | 5 +++++
> 1 file changed, 5 insertions(+)

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan

diff --git a/block/parallels.c b/block/parallels.c index 807a801..a0bc95b 100644 --- a/block/parallels.c +++ b/block/parallels.c @@ -43,6 +43,7 @@ #define HEADER_MAGIC2 "WithouFreSpacExt" #define HEADER_VERSION 2 #define HEADER_INUSE_MAGIC (0x746F6E59) +#define MAX_PARALLELS_IMAGE_FACTOR (1ull << 32) #define DEFAULT_CLUSTER_SIZE 1048576 /* 1 MiB */ @@ -475,6 +476,10 @@ static int parallels_create(const char *filename, QemuOpts *opts, Error **errp) BDRV_SECTOR_SIZE); cl_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_CLUSTER_SIZE, DEFAULT_CLUSTER_SIZE), BDRV_SECTOR_SIZE); + if (total_size >= MAX_PARALLELS_IMAGE_FACTOR * cl_size) { + error_propagate(errp, local_err); + return -E2BIG; + } ret = bdrv_create_file(filename, opts, &local_err); if (ret < 0) {
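
Review bot: MAX_PARALLELS_IMAGE_FACTOR, added in the first hunk (@@ -43,6 +43,7 @@), has no comment saying where the 2^32 bound comes from, and it does not match the commit message, which gives the limit as UINT32_MAX * cluster_size. Combined with the `>=` test in the second hunk, the limit actually enforced is total_size < 2^32 * cl_size. Either the constant or the message should be adjusted so they agree, and a one-line comment tying the factor to the field in the main image structure that overflows would let the next reader check the bound.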
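
Review bot: in the parallels_create hunk (@@ -475,6 +476,10 @@), the new size check calls `error_propagate(errp, local_err)` before anything in the visible context has assigned local_err; the first use shown is the later `bdrv_create_file(filename, opts, &local_err)`. If local_err is still unset at that point, the caller receives -E2BIG with nothing in errp, so qemu-img has no message to print for the oversized request. Setting the error directly with error_setg(errp, ...) and naming the limit would fix that. Separately, `MAX_PARALLELS_IMAGE_FACTOR * cl_size` is itself a multiplication by 2^32: if cl_size is a 64-bit value, as its origin in the cluster size option suggests, a cluster size of 2^32 bytes or more wraps the product and weakens the check. Bounding cl_size first, or comparing total_size / cl_size against the factor, avoids that.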