-rw-r--r--block/qcow2.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/block/qcow2.c b/block/qcow2.c
index f68f0e1074..eb5ea485d9 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -108,6 +108,11 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
#ifdef DEBUG_EXT
printf("ext.magic = 0x%x\n", ext.magic);
#endif
+ if (ext.len > end_offset - offset) {
+ error_report("Header extension too large");
+ return -EINVAL;
+ }
+
switch (ext.magic) {
case QCOW2_EXT_MAGIC_END:
return 0;
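Review bot: The added bound `ext.len > end_offset - offset` is only safe if `offset <= end_offset` already holds at this point. The lines that read the extension header and advance `offset` are outside the hunk, so this cannot be confirmed from here. If both are unsigned 64-bit values (as `start_offset` in the signature suggests) and `offset` has been advanced past `end_offset`, which looks possible when fewer bytes than one extension header remain before `end_offset`, the subtraction wraps to a huge value and any `ext.len` passes. Writing the guard as `if (offset > end_offset || ext.len > end_offset - offset) {` closes that case without changing the message or the `-EINVAL` return. A short comment such as `/* ext.len comes from the image file and is untrusted */` would also make the reason for the check clear to later readers.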