On 03/20/2018 12:36 PM, Kevin Wolf wrote:
It's unclear what the real maximum is, but we use an uint32_t to store
the log size in vhdx_co_create(), so we should check that the given
value fits in 32 bits.
Signed-off-by: Kevin Wolf <[email protected]>
---
block/vhdx.c | 4 ++++
1 file changed, 4 insertions(+)
Reviewed-by: Eric Blake <[email protected]>
diff --git a/block/vhdx.c b/block/vhdx.c
index 0e48179b81..a1a0302799 100644
--- a/block/vhdx.c
+++ b/block/vhdx.c
@@ -1829,6 +1829,10 @@ static int coroutine_fn
vhdx_co_create(BlockdevCreateOptions *opts,
if (!vhdx_opts->has_log_size) {
log_size = DEFAULT_LOG_SIZE;
} else {
+ if (vhdx_opts->log_size > UINT32_MAX) {
+ error_setg(errp, "Log size must be smaller than 4 GB");
+ return -EINVAL;
+ }
log_size = vhdx_opts->log_size;
}
if (log_size < MiB || (log_size % MiB) != 0) {
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
