From c7a9d81d7061a7fb3b5b5726a6f139444e1ad5e6 Mon Sep 17 00:00:00 2001
From: Alberto Garcia <berto@igalia.com>
Date: Tue, 6 Mar 2018 18:14:09 +0200
Subject: qcow2: Check snapshot L1 tables in qcow2_check_metadata_overlap()

The inactive-l2 overlap check iterates uses the L1 tables from all
snapshots, but it does not validate them first.

We now have a function to take care of this, so let's use it.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/qcow2-refcount.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'block/qcow2-refcount.c')

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 2f7e710fa6..b18ea0ca98 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -2642,9 +2642,17 @@ int qcow2_check_metadata_overlap(BlockDriverState *bs, int ign, int64_t offset,
             uint64_t l1_ofs = s->snapshots[i].l1_table_offset;
             uint32_t l1_sz  = s->snapshots[i].l1_size;
             uint64_t l1_sz2 = l1_sz * sizeof(uint64_t);
-            uint64_t *l1 = g_try_malloc(l1_sz2);
+            uint64_t *l1;
             int ret;
 
+            ret = qcow2_validate_table(bs, l1_ofs, l1_sz, sizeof(uint64_t),
+                                       QCOW_MAX_L1_SIZE, "", NULL);
+            if (ret < 0) {
+                return ret;
+            }
+
+            l1 = g_try_malloc(l1_sz2);
+
             if (l1_sz2 && l1 == NULL) {
                 return -ENOMEM;
             }
-- 
cgit v1.2.1