From c01dbccbad647be5784be39eb8fa0144732295db Mon Sep 17 00:00:00 2001 From: Max Reitz Date: Wed, 25 Sep 2013 17:48:55 +0200 Subject: qcow2: Assert against currently impossible overflow If qcow2_alloc_cluster_link_l2 is called with a QCowL2Meta describing a request crossing L2 boundaries, a buffer overflow will occur. This is impossible right now since such requests are never generated (every request is shortened to L2 boundaries before) and probably also completely unintended (considering the name "QCowL2Meta"), however, it is still worth an assertion. Signed-off-by: Max Reitz Signed-off-by: Kevin Wolf --- block/qcow2-cluster.c | 1 + 1 file changed, 1 insertion(+) (limited to 'block') diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 738ff73c1d..cab5f2e6b5 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -716,6 +716,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m) } qcow2_cache_entry_mark_dirty(s->l2_table_cache, l2_table); + assert(l2_index + m->nb_clusters <= s->l2_size); for (i = 0; i < m->nb_clusters; i++) { /* if two concurrent writes happen to the same unallocated cluster * each write allocates separate cluster and writes data concurrently. -- cgit v1.2.3
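Review bot: The added `assert(l2_index + m->nb_clusters <= s->l2_size);` ahead of the `for` loop in qcow2_alloc_cluster_link_l2 has no comment stating why the bound holds, so the invariant is recorded only in the commit message. A one-line comment above it, saying that every request is shortened to L2 boundaries before it gets here and that the loop would otherwise overflow the buffer, would keep that reasoning next to the check for whoever later changes how requests are generated. Two smaller points on the same line: the types of `l2_index` and `m->nb_clusters` are not visible in this hunk, so it is worth confirming the sum cannot wrap before the comparison; and since an assert is compiled out when NDEBUG is defined, such a build would lose the guard entirely, whereas the function's `int` return leaves room for an explicit error path if this ever needs to hold in all builds.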