diff options
| author | Alberto Garcia <berto@igalia.com> | 2018-03-06 18:14:11 +0200 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2018-03-09 15:17:47 +0100 |
| commit | db5794f1f17d1f8247c0ea8e6f0376a47b112466 (patch) | |
| tree | ffdca4121775ac6d8d36079310908c8b499e13e1 /block/qcow2-snapshot.c | |
| parent | a8475d7573c0598ba8f92f84534110218ee11e3d (diff) | |
| download | qemu-db5794f1f17d1f8247c0ea8e6f0376a47b112466.zip | |
qcow2: Check snapshot L1 table in qcow2_snapshot_delete()
This function deletes a snapshot from disk, removing its entry from
the snapshot table, freeing its L1 table and decreasing the refcounts
of all clusters.
The L1 table offset and size are however not validated. If we use
invalid values in this function we'll probably corrupt the image even
more, so we should return an error instead.
We now have a function to take care of this, so let's use it.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block/qcow2-snapshot.c')
| -rw-r--r-- | block/qcow2-snapshot.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c index 0faf728dc4..74293be470 100644 --- a/block/qcow2-snapshot.c +++ b/block/qcow2-snapshot.c @@ -611,6 +611,13 @@ int qcow2_snapshot_delete(BlockDriverState *bs, } sn = s->snapshots[snapshot_index]; + ret = qcow2_validate_table(bs, sn.l1_table_offset, sn.l1_size, + sizeof(uint64_t), QCOW_MAX_L1_SIZE, + "Snapshot L1 table", errp); + if (ret < 0) { + return ret; + } + /* Remove it from the snapshot list */ memmove(s->snapshots + snapshot_index, s->snapshots + snapshot_index + 1, |