qemu-commits

[Qemu-commits] [qemu/qemu] b15dea: block: vpc - prevent overflow if max_


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] b15dea: block: vpc - prevent overflow if max_table_entries...
Date: Tue, 28 Jul 2015 03:30:05 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: b15deac79530d818092cb49a8021bcce83d71b5b
      
https://github.com/qemu/qemu/commit/b15deac79530d818092cb49a8021bcce83d71b5b
  Author: Jeff Cody <address@hidden>
  Date:   2015-07-27 (Mon, 27 Jul 2015)

  Changed paths:
    M block/vpc.c

  Log Message:
  -----------
  block: vpc - prevent overflow if max_table_entries >= 0x40000000

When we allocate the pagetable based on max_table_entries, we multiply
the max table entry value by 4 to accommodate a table of 32-bit integers.
However, max_table_entries is a uint32_t, and the VPC driver accepts
ranges for that entry over 0x40000000.  So during this allocation:

s->pagetable = qemu_try_blockalign(bs->file, s->max_table_entries * 4);

The size arg overflows, allocating significantly less memory than
expected.

Since qemu_try_blockalign() size argument is size_t, cast the
multiplication correctly to prevent overflow.

The value of "max_table_entries * 4" is used elsewhere in the code as
well, so store the correct value for use in all those cases.

We also check the Max Tables Entries value, to make sure that it is <
SIZE_MAX / 4, so we know the pagetable size will fit in size_t.

Cc: address@hidden
Reported-by: Richard W.M. Jones <address@hidden>
Signed-off-by: Jeff Cody <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>


  Commit: 77c102c26ead946fe7589d4bddcdfa5cb431ebfe
      
https://github.com/qemu/qemu/commit/77c102c26ead946fe7589d4bddcdfa5cb431ebfe
  Author: Jeff Cody <address@hidden>
  Date:   2015-07-27 (Mon, 27 Jul 2015)

  Changed paths:
    A tests/qemu-iotests/135
    A tests/qemu-iotests/135.out
    M tests/qemu-iotests/group
    A tests/qemu-iotests/sample_images/afl5.img.bz2

  Log Message:
  -----------
  block: qemu-iotests - add check for multiplication overflow in vpc

This checks that VPC is able to successfully fail (without segfault)
on an image file with a max_table_entries that exceeds 0x40000000.

This table entry is within the valid range for VPC (although too large
for this sample image).

Cc: address@hidden
Signed-off-by: Jeff Cody <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>


  Commit: 84a29c7efd02baa97b0d60d1e59e8357f7a5e0f1
      
https://github.com/qemu/qemu/commit/84a29c7efd02baa97b0d60d1e59e8357f7a5e0f1
  Author: Peter Maydell <address@hidden>
  Date:   2015-07-28 (Tue, 28 Jul 2015)

  Changed paths:
    M block/vpc.c
    A tests/qemu-iotests/135
    A tests/qemu-iotests/135.out
    M tests/qemu-iotests/group
    A tests/qemu-iotests/sample_images/afl5.img.bz2

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.4.0-rc3

# gpg: Signature made Mon Jul 27 16:19:17 2015 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <address@hidden>"

* remotes/kevin/tags/for-upstream:
  block: qemu-iotests - add check for multiplication overflow in vpc
  block: vpc - prevent overflow if max_table_entries >= 0x40000000

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/f8787f8723ea...84a29c7efd02
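
The 32-bit wrap described in the first commit message (b15dea), as an added C example that is not QEMU's code. The function names and sample values are hypothetical, and the bound check follows the log message's "< SIZE_MAX / 4" wording.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-fix arithmetic: uint32_t * 4 is evaluated in 32 bits, so the
 * product wraps modulo 2^32 before it is widened to size_t. */
uint32_t pagetable_size_wrapped(uint32_t max_table_entries)
{
    return max_table_entries * 4;
}

/* Hypothetical helper: reject values whose byte size cannot fit in
 * size_t, then multiply in size_t so the result is not truncated. */
bool pagetable_size_checked(uint32_t max_table_entries, size_t *out)
{
    if (max_table_entries >= SIZE_MAX / 4) {
        return false;               /* would not fit in size_t */
    }
    *out = (size_t)max_table_entries * 4;
    return true;
}

int main(void)
{
    /* Constructed sample header values, not taken from a real image. */
    const uint32_t samples[] = { 1024u, 0x3FFFFFFFu, 0x40000000u, 0x40000001u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t checked = 0;
        bool ok = pagetable_size_checked(samples[i], &checked);

        printf("entries=0x%08x wrapped=%u bytes, ",
               (unsigned)samples[i],
               (unsigned)pagetable_size_wrapped(samples[i]));
        if (ok) {
            printf("checked=%zu bytes\n", checked);
        } else {
            printf("checked=rejected\n");
        }
    }
    return 0;
}
```

A caller that allocates the wrapped size and then indexes up to max_table_entries writes past the end of the buffer, which is the undersized allocation the log message describes.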
