crosvm

mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-11-25 05:03:05 +00:00

History

Daniel Verkamp f21572c718 qcow: avoid out-of-bounds access in alloc_refblocks When all refblocks are consumed, the loop looking for the first free cluster would access the element at refcounts[refcounts.len()], which is out of bounds. Modify the free cluster search loop to check that the index is in bounds before accessing it. BUG=chromium:1030751 TEST=qcow_fuzzer Change-Id: Ib2384b9cf1edeaadb99be5fc67c27a55c03fc6e9 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1953766 Tested-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Dylan Reid <dgreid@chromium.org> Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>	2019-12-10 02:24:14 +00:00
..
src	qcow: avoid out-of-bounds access in alloc_refblocks	2019-12-10 02:24:14 +00:00
Cargo.toml	qcow: replace byteorder with {to,from}_be_bytes()	2019-08-26 23:41:50 +00:00

Daniel Verkamp f21572c718 qcow: avoid out-of-bounds access in alloc_refblocks

When all refblocks are consumed, the loop looking for the first free
cluster would access the element at refcounts[refcounts.len()], which is
out of bounds.  Modify the free cluster search loop to check that the
index is in bounds before accessing it.

BUG=chromium:1030751
TEST=qcow_fuzzer

Change-Id: Ib2384b9cf1edeaadb99be5fc67c27a55c03fc6e9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1953766
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>

2019-12-10 02:24:14 +00:00

src

qcow: avoid out-of-bounds access in alloc_refblocks

2019-12-10 02:24:14 +00:00

Cargo.toml

qcow: replace byteorder with {to,from}_be_bytes()

2019-08-26 23:41:50 +00:00