I suspect this bug is probably still around, and if not then this class of bugs is certainly still around. What we have done in management tools like OpenStack is to confine qemu-img using simple ulimits when inspecting any untrusted image, and that solves the problem so it's probably fine to close this bug now.
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1462944

Title:
  vpc file causes qemu-img to consume lots of time and memory

Status in QEMU:
  Incomplete

Bug description:
  The attached vpc file causes 'qemu-img info' to consume 3 or 4 seconds of CPU time and 1.3 GB of heap, causing a minor denial of service.

  $ /usr/bin/time ~/d/qemu/qemu-img info afl12.img
  block-vpc: The header checksum of 'afl12.img' is incorrect.
  qemu-img: Could not open 'afl12.img': block-vpc: free_data_block_offset points after the end of file. The image has been truncated.
  1.19user 3.15system 0:04.35elapsed 99%CPU (0avgtext+0avgdata 1324504maxresident)k
  0inputs+0outputs (0major+327314minor)pagefaults 0swaps

  The file was found using american-fuzzy-lop.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1462944/+subscriptions
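The ulimit confinement the comment above describes, as an added example that is not OpenStack's or QEMU's own code: a POSIX sh wrapper that runs qemu-img info on an untrusted image under address-space and CPU-time caps (the limit values and the helper names are assumptions) and reports whether the image was accepted, rejected by qemu-img, or stopped by a cap.

```shell
#!/bin/sh
# Added example (not OpenStack's or QEMU's own code): run "qemu-img info" on an
# untrusted image inside a subshell with ulimit caps, so a malformed header such
# as the vpc case in this bug cannot make the inspection eat unbounded heap or
# CPU time. The limit values are assumptions; tune them for your image sizes.
MAX_VMEM_KB=${MAX_VMEM_KB:-524288}   # address-space cap in KiB (512 MiB)
MAX_CPU_SEC=${MAX_CPU_SEC:-5}        # CPU seconds before the kernel sends SIGXCPU

# run_limited CMD [ARGS...]: run CMD with both caps applied in a subshell so the
# caller's own limits are untouched. Returns CMD's exit status, or 125 if a cap
# could not be set (fail closed: never inspect an untrusted image unconfined).
run_limited() {
    (
        ulimit -v "$MAX_VMEM_KB" || exit 125
        ulimit -t "$MAX_CPU_SEC" || exit 125
        exec "$@"
    )
}

# classify_status STATUS: map an exit status to a one-word verdict so the caller
# can tell "qemu-img rejected the image" apart from "a cap fired".
classify_status() {
    case $1 in
        0)   echo ok ;;
        125) echo sandbox-error ;;
        127) echo not-found ;;      # qemu-img is not installed or not on PATH
        152) echo cpu-limit ;;      # 128 + SIGXCPU (24) on Linux
        *)   echo rejected ;;       # qemu-img error (e.g. truncated image) or a
    esac                            # malloc failure caused by the -v cap
}

# inspect_image IMAGE: the confined equivalent of the "qemu-img info" run shown
# in the bug report. Prints the verdict plus qemu-img's own output; succeeds
# only when the image was fully parsed within the caps.
inspect_image() {
    out=$(run_limited qemu-img info "$1" 2>&1)
    status=$?
    verdict=$(classify_status "$status")
    printf '%s: %s (exit %s)\n%s\n' "$1" "$verdict" "$status" "$out"
    [ "$verdict" = ok ]
}
```

A CPU cap of a few seconds is enough to catch the 3 to 4 second case in the report; the address-space cap of 512 MiB is well under the 1.3 GB the malformed image drove qemu-img to, so that case fails the malloc rather than the host.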
