diff options
Diffstat (limited to 'block/qcow2.c')
| -rw-r--r-- | block/qcow2.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/block/qcow2.c b/block/qcow2.c index 37a332fee5..8d0a09ee06 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -623,6 +623,21 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } + /* Snapshot table offset/length */ + if (header.nb_snapshots > QCOW_MAX_SNAPSHOTS) { + error_setg(errp, "Too many snapshots"); + ret = -EINVAL; + goto fail; + } + + ret = validate_table_offset(bs, header.snapshots_offset, + header.nb_snapshots, + sizeof(QCowSnapshotHeader)); + if (ret < 0) { + error_setg(errp, "Invalid snapshot table offset"); + goto fail; + } + s->snapshots_offset = header.snapshots_offset; s->nb_snapshots = header.nb_snapshots; |