xenbits.xensource.com Git - qemu-upstream-4.4-testing.git/commit
qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
author Kevin Wolf <kwolf@redhat.com>
Thu, 5 Mar 2015 10:38:05 +0000 (10:38 +0000)
committer Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Thu, 5 Mar 2015 14:53:22 +0000 (14:53 +0000)
commit b9b190d24041c3cc9fa7b9475ad281a37ca31368
tree db0018c696bf6ed9f29c75a38706e3853d5f1e81
parent d7921871ed2b95e6b7fc4343a2dbaf99b996d183
qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)

For the L1 table to be loaded for an internal snapshot, the code allocated
only enough memory to hold the currently active L1 table. If the
snapshot's L1 table is actually larger than the current one, this leads
to a buffer overflow.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
block/qcow2-snapshot.c
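
The sizing mistake the commit message describes, as an added example that is not the QEMU code or the patch itself: a buffer sized from the active table overflows when the snapshot's table is larger, so the loader sizes it from the snapshot's own entry count. The struct names, helper functions and the MAX_L1_ENTRIES cap are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for image state (not QEMU's structs). */
struct image    { uint32_t active_l1_size; };   /* entries in active L1 table */
struct snapshot { uint32_t l1_size; const uint64_t *l1_on_disk; };

#define MAX_L1_ENTRIES (1u << 20)   /* assumed sanity cap for this example */

/* Buffer size if it is derived from the ACTIVE table (the flawed sizing). */
size_t alloc_bytes_by_active(const struct image *img)
{
    return (size_t)img->active_l1_size * sizeof(uint64_t);
}

/* Bytes the load actually writes: the SNAPSHOT's table. */
size_t copy_bytes(const struct snapshot *sn)
{
    return (size_t)sn->l1_size * sizeof(uint64_t);
}

/* 1 if a buffer sized by the active table would be written past its end. */
int would_overflow(const struct image *img, const struct snapshot *sn)
{
    return copy_bytes(sn) > alloc_bytes_by_active(img);
}

/* Hardened load: allocation and copy both use the snapshot's l1_size. */
uint64_t *load_snapshot_l1(struct image *img, const struct snapshot *sn)
{
    if (sn->l1_size == 0 || sn->l1_size > MAX_L1_ENTRIES)
        return NULL;                    /* reject implausible header values */
    size_t bytes = copy_bytes(sn);
    uint64_t *tbl = calloc(1, bytes);
    if (!tbl)
        return NULL;
    memcpy(tbl, sn->l1_on_disk, bytes);
    img->active_l1_size = sn->l1_size;  /* size field now matches the buffer */
    return tbl;
}

int main(void)
{
    uint64_t disk[4] = {0x11, 0x22, 0x33, 0x44};   /* constructed sample table */
    struct image img = { 2 };
    struct snapshot sn = { 4, disk };
    uint64_t *t = load_snapshot_l1(&img, &sn);
    int ok = would_overflow(&(struct image){ 2 }, &sn) && t && t[3] == 0x44;
    free(t);
    return ok ? 0 : 1;
}
```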