| Message ID | 1395835569-21193-18-git-send-email-stefanha@redhat.com |
|---|---|
| State | New |
| Headers | show |
On 26.03.2014 13:05, Stefan Hajnoczi wrote: > From: Jeff Cody <jcody@redhat.com> > > Other variables (e.g. sectors_per_block) are calculated using these > variables, and if not range-checked illegal values could be obtained > causing infinite loops and other potential issues when calculating > BAT entries. > > The 1.00 VHDX spec requires BlockSize to be min 1MB, max 256MB. > LogicalSectorSize is required to be either 512 or 4096 bytes. > > Reported-by: Kevin Wolf <kwolf@redhat.com> > Signed-off-by: Jeff Cody <jcody@redhat.com> > Signed-off-by: Kevin Wolf <kwolf@redhat.com> > --- > block/vhdx.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) Reviewed-by: Max Reitz <mreitz@redhat.com>
diff --git a/block/vhdx.c b/block/vhdx.c index 5390ba6..509baaf 100644 --- a/block/vhdx.c +++ b/block/vhdx.c @@ -780,12 +780,20 @@ static int vhdx_parse_metadata(BlockDriverState *bs, BDRVVHDXState *s) le32_to_cpus(&s->logical_sector_size); le32_to_cpus(&s->physical_sector_size); - if (s->logical_sector_size == 0 || s->params.block_size == 0) { + if (s->params.block_size < VHDX_BLOCK_SIZE_MIN || + s->params.block_size > VHDX_BLOCK_SIZE_MAX) { ret = -EINVAL; goto exit; } - /* both block_size and sector_size are guaranteed powers of 2 */ + /* only 2 supported sector sizes */ + if (s->logical_sector_size != 512 && s->logical_sector_size != 4096) { + ret = -EINVAL; + goto exit; + } + + /* Both block_size and sector_size are guaranteed powers of 2, below. + Due to range checks above, s->sectors_per_block can never be < 256 */ s->sectors_per_block = s->params.block_size / s->logical_sector_size; s->chunk_ratio = (VHDX_MAX_SECTORS_PER_BLOCK) * (uint64_t)s->logical_sector_size /