On 2017-11-10 21:31, Max Reitz wrote:
> This series contains fixes for another batch of qcow2-related crashes
> reported on Launchpad by Nageswara (the first batch was
> http://lists.nongnu.org/archive/html/qemu-block/2017-11/msg00082.html by
> Berto).
>
> Patch 4 fixes an out-of-bounds array access in memory which is not
> really a security issue for multiple reasons (really, at most you can
> read eight bytes from somewhere with an extremely high chance of
> crashing qemu and requiring the user to invoke a block_resize shrinking
> the qcow2 image (and also reset some bit in the image from 1 to 0, but
> only if the overlap checks don't catch you)), but most importantly that
> code hasn't been in 2.10, so we're fine.
>
>
> Max Reitz (5):
> qcow2: check_errors are fatal
> qcow2: Unaligned zero cluster in handle_alloc()
> block: Guard against NULL bs->drv
> qcow2: Add bounds check to get_refblock_offset()
> qcow2: Refuse to get unaligned offsets from cache
>
> block/qcow2.h              |   6 ---
> block.c                    |  19 ++++++-
> block/io.c                 |  36 +++++++++++++
> block/qapi.c               |   8 ++-
> block/qcow2-cache.c        |  21 ++++++++
> block/qcow2-cluster.c      |  13 ++++-
> block/qcow2-refcount.c     |  26 +++++++++-
> block/qcow2.c              |   5 +-
> block/replication.c        |  15 ++++++
> block/vvfat.c              |   2 +-
> tests/qemu-iotests/060     | 125 +++++++++++++++++++++++++++++++++++++++++
> tests/qemu-iotests/060.out | 115 +++++++++++++++++++++++++++++++++++++++++
> 12 files changed, 379 insertions(+), 12 deletions(-)
I see that Patchew complains, so let's try:
Based-on: <cover.1510143008.git.berto@igalia.com>
And let's see whether it can handle the recursive dependency...
(Letting Patchew base something on git branches would be nice O:-))
Also note my follow-up patch "qcow2: Repair unaligned preallocated zero
clusters" which fixes the TODO added in patch 2.
Max