From patchwork Fri Oct 11 15:05:05 2013
X-Patchwork-Submitter: Kevin Wolf
X-Patchwork-Id: 282798
From: Kevin Wolf To: anthony@codemonkey.ws Date: Fri, 11 Oct 2013 17:05:05 +0200 Message-Id: <1381503951-27985-16-git-send-email-kwolf@redhat.com> In-Reply-To: <1381503951-27985-1-git-send-email-kwolf@redhat.com> References: <1381503951-27985-1-git-send-email-kwolf@redhat.com> X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 209.132.183.28 Cc: kwolf@redhat.com, qemu-devel@nongnu.org Subject: [Qemu-devel] [PULL 15/61] qcow2: Assert against snapshot name/ID overflow X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org From: Max Reitz qcow2_write_snapshots relies on the length of every snapshot ID and name fitting into an unsigned 16 bit integer. This is currently ensured by QEMU through generally only allowing 128 byte IDs and 256 byte names. However, if this should change in the future, the length written to the image file should not be silently truncated (though the name itself would be written completely). Since this is currently not an issue but might require attention due to internal QEMU changes in the future, an assert ensuring sanity is enough for now. Signed-off-by: Max Reitz Signed-off-by: Kevin Wolf --- block/qcow2-snapshot.c | 1 + 1 file changed, 1 insertion(+) diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c index f6f3e64..812dab2 100644 --- a/block/qcow2-snapshot.c +++ b/block/qcow2-snapshot.c @@ -221,6 +221,7 @@ static int qcow2_write_snapshots(BlockDriverState *bs) id_str_size = strlen(sn->id_str); name_size = strlen(sn->name); + assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX); h.id_str_size = cpu_to_be16(id_str_size); h.name_size = cpu_to_be16(name_size); offset = align_offset(offset, 8);
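Review bot: the new assert in qcow2_write_snapshots guards an invariant that is enforced elsewhere (the 128-byte ID and 256-byte name limits the message mentions), but nothing at the assert site says where, so a one-line comment above it such as `/* limits enforced at snapshot creation; the on-disk fields are 16 bit */` would keep the next reader from wondering whether the check is reachable. Two smaller points: UINT16_MAX needs <stdint.h>, and the hunk context does not show whether this file already includes it (directly or via a common header), so please confirm; and since assert() aborts the whole process rather than failing the snapshot write, it is worth stating in the message that this is intended as an internal-invariant check, not input validation (IDs and names read back from an existing image are already bounded by the same 16-bit fields h.id_str_size and h.name_size, so image content cannot trigger it).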
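The failure mode the commit message describes (a length field silently truncated to 16 bits while the full string is still written), as an added illustration that is not QEMU code: a hypothetical simplified record with two big-endian 16-bit length fields, an encoder that either truncates like the pre-patch code or refuses oversized strings, and a reader-side consistency check. The record layout, the function names and the 70000-byte sample name are constructed assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Big-endian 16-bit helpers, matching how the on-disk length fields are stored. */
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical simplified record: [id_len:be16][name_len:be16][id bytes][name bytes].
 * check == 0 mimics the pre-patch behaviour: length fields are truncated to 16 bits
 * while the full strings are still copied. check != 0 rejects oversized input instead.
 * Returns bytes written, or a negative errno value. */
long encode_entry(uint8_t *buf, size_t cap, const char *id, const char *name, int check)
{
    size_t id_len = strlen(id), name_len = strlen(name);
    if (check && (id_len > UINT16_MAX || name_len > UINT16_MAX)) return -ERANGE;
    if (4 + id_len + name_len > cap) return -ENOSPC;
    put_be16(buf, (uint16_t)id_len);        /* silently id_len % 65536 when unchecked */
    put_be16(buf + 2, (uint16_t)name_len);
    memcpy(buf + 4, id, id_len);
    memcpy(buf + 4 + id_len, name, name_len);
    return (long)(4 + id_len + name_len);
}

/* Reader-side consistency check: 0 if the declared lengths account for exactly
 * `total` bytes, -EINVAL if the record contradicts itself. */
int validate_entry(const uint8_t *buf, size_t total, uint16_t *id_len, uint16_t *name_len)
{
    *id_len = get_be16(buf);
    *name_len = get_be16(buf + 2);
    return (size_t)4 + *id_len + *name_len == total ? 0 : -EINVAL;
}

/* Constructed input: a 70000-byte name. Returns the name length a reader recovers from
 * the unchecked record (70000 % 65536 == 4464), or -1 if either behaviour deviates. */
int demo_truncation(void)
{
    enum { BIG = 70000 };
    static char name[BIG + 1];               /* trailing byte stays '\0' (static storage) */
    static uint8_t buf[BIG + 64];
    uint16_t id_len = 0, name_len = 0;
    memset(name, 'a', BIG);
    long n = encode_entry(buf, sizeof buf, "1", name, 0);
    if (n != 4 + 1 + BIG || validate_entry(buf, (size_t)n, &id_len, &name_len) != -EINVAL
        || encode_entry(buf, sizeof buf, "1", name, 1) != -ERANGE) {
        return -1;
    }
    return name_len;
}
```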