From 31b1829110ac3b188842a154d751cff437d9f5c6 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Tue, 25 Mar 2014 11:45:27 +0100 Subject: [PATCH 09/48] qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) RH-Author: Kevin Wolf Message-id: <1395744364-16049-9-git-send-email-kwolf@redhat.com> Patchwork-id: n/a O-Subject: [EMBARGOED RHEL-6.6/6.5.z qemu-kvm PATCH v2 08/45] qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) Bugzilla: 1079319 RH-Acked-by: Max Reitz RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Jeff Cody Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1079319 Upstream status: Embargoed This ensures that the checks catch all invalid cluster indexes instead of returning the refcount of a wrong cluster. Signed-off-by: Kevin Wolf --- block/qcow2-refcount.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index c2feb62..7a7344f 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -87,7 +87,7 @@ static int load_refcount_block(BlockDriverState *bs, static int get_refcount(BlockDriverState *bs, int64_t cluster_index) { BDRVQcowState *s = bs->opaque; - int refcount_table_index, block_index; + uint64_t refcount_table_index, block_index; int64_t refcount_block_offset; int ret; uint16_t *refcount_block; -- 1.7.1