From: Kevin Wolf Date: Wed, 26 Mar 2014 12:05:49 +0000 (+0100) Subject: qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=db8a31d11d6a60f48d6817530640d75aa72a9a2f;p=qemu.git qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) This ensures that the checks catch all invalid cluster indexes instead of returning the refcount of a wrong cluster. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi --- diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 220b322aa5..561d65925c 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -89,7 +89,7 @@ static int load_refcount_block(BlockDriverState *bs, static int get_refcount(BlockDriverState *bs, int64_t cluster_index) { BDRVQcowState *s = bs->opaque; - int refcount_table_index, block_index; + uint64_t refcount_table_index, block_index; int64_t refcount_block_offset; int ret; uint16_t *refcount_block;