| author | Alexander Ivanov <alexander.ivanov@virtuozzo.com> | 2023-07-18 12:44:25 +0200 |
|---|---|---|
| committer | Denis V. Lunev <den@openvz.org> | 2023-09-06 17:36:49 +0200 |
| commit | 09eb64f9e354f9af23a5c8b3b8021eb5969fc68a | |
| tree | 9735823f06c0f1ec24edc550c4bfdbe1e3f9a357 /block/parallels.c | |
| parent | fcadb4866204fe5788969296ffce682e22109107 | |
parallels: Check if data_end greater than the file size
Initially data_end is set to the data_off image header field and must not
be greater than the file size.
Signed-off-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Diffstat (limited to 'block/parallels.c')
-rw-r--r-- | block/parallels.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/block/parallels.c b/block/parallels.c index 3c0dca3dbf..6a3d41373a 100644 --- a/block/parallels.c +++ b/block/parallels.c @@ -874,6 +874,11 @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags, */ s->header_size = size; } + if (s->data_end > file_nb_sectors) { + error_setg(errp, "Invalid image: incorrect data_off field"); + ret = -EINVAL; + goto fail; + } ret = bdrv_pread(bs->file, 0, s->header_size, s->header, 0); if (ret < 0) { |
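Review bot: The error raised in the new `if (s->data_end > file_nb_sectors)` branch says only "incorrect data_off field" and leaves out the two values being compared, so a user with a truncated or corrupted image cannot tell how far the header points past the end of the file. Consider putting both `s->data_end` and `file_nb_sectors` into the `error_setg()` message. The comparison is only meaningful if both operands are in the same unit; the name `file_nb_sectors` suggests sectors, but neither its computation nor the assignment of `s->data_end` is visible in this hunk, so a one-line comment above the check stating the unit would make it easier to audit. Placing the check before the `bdrv_pread()` of the full header looks right, since the `goto fail` rejects the image before any further header bytes are read.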