qcow1: Check maximum cluster size

Huge values for header.cluster_bits cause unbounded allocations (e.g.
for s->cluster_cache) and crash qemu this way. Less huge values may
survive those allocations, but can cause integer overflows later on.

The only cluster sizes that qemu can create are 4k (for standalone
images) and 512 (for images with backing files), so we can limit it
to 64k.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
4 files changed
tree: 9f386b302d585c903fd61522e4e584021eadfcff
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. default-configs/
  6. disas/
  7. docs/
  8. fpu/
  9. fsdev/
  10. gdb-xml/
  11. hw/
  12. include/
  13. libcacard/
  14. linux-headers/
  15. linux-user/
  16. net/
  17. pc-bios/
  18. po/
  19. qapi/
  20. qga/
  21. qobject/
  22. qom/
  23. roms/
  24. scripts/
  25. slirp/
  26. stubs/
  27. sysconfigs/
  28. target-alpha/
  29. target-arm/
  30. target-cris/
  31. target-i386/
  32. target-lm32/
  33. target-m68k/
  34. target-microblaze/
  35. target-mips/
  36. target-moxie/
  37. target-openrisc/
  38. target-ppc/
  39. target-s390x/
  40. target-sh4/
  41. target-sparc/
  42. target-unicore32/
  43. target-xtensa/
  44. tcg/
  45. tests/
  46. trace/
  47. ui/
  48. util/
  49. .exrc
  50. .gitignore
  51. .gitmodules
  52. .mailmap
  53. .travis.yml
  54. aio-posix.c
  55. aio-win32.c
  56. arch_init.c
  57. async.c
  58. balloon.c
  59. block-migration.c
  60. block.c
  61. blockdev-nbd.c
  62. blockdev.c
  63. blockjob.c
  64. bt-host.c
  65. bt-vhci.c
  66. Changelog
  67. CODING_STYLE
  68. configure
  69. COPYING
  70. COPYING.LIB
  71. coroutine-gthread.c
  72. coroutine-sigaltstack.c
  73. coroutine-ucontext.c
  74. coroutine-win32.c
  75. cpu-exec.c
  76. cpus.c
  77. cputlb.c
  78. device-hotplug.c
  79. device_tree.c
  80. disas.c
  81. dma-helpers.c
  82. dump.c
  83. exec.c
  84. gdbstub.c
  85. HACKING
  86. hmp-commands.hx
  87. hmp.c
  88. hmp.h
  89. iohandler.c
  90. ioport.c
  91. iothread.c
  92. kvm-all.c
  93. kvm-stub.c
  94. LICENSE
  95. main-loop.c
  96. MAINTAINERS
  97. Makefile
  98. Makefile.objs
  99. Makefile.target
  100. memory.c
  101. memory_mapping.c
  102. migration-exec.c
  103. migration-fd.c
  104. migration-rdma.c
  105. migration-tcp.c
  106. migration-unix.c
  107. migration.c
  108. module-common.c
  109. monitor.c
  110. nbd.c
  111. os-posix.c
  112. os-win32.c
  113. page_cache.c
  114. qapi-schema.json
  115. qdev-monitor.c
  116. qdict-test-data.txt
  117. qemu-bridge-helper.c
  118. qemu-char.c
  119. qemu-coroutine-io.c
  120. qemu-coroutine-lock.c
  121. qemu-coroutine-sleep.c
  122. qemu-coroutine.c
  123. qemu-doc.texi
  124. qemu-file.c
  125. qemu-img-cmds.hx
  126. qemu-img.c
  127. qemu-img.texi
  128. qemu-io-cmds.c
  129. qemu-io.c
  130. qemu-log.c
  131. qemu-nbd.c
  132. qemu-nbd.texi
  133. qemu-options-wrapper.h
  134. qemu-options.h
  135. qemu-options.hx
  136. qemu-seccomp.c
  137. qemu-tech.texi
  138. qemu-timer.c
  139. qemu.nsi
  140. qemu.sasl
  141. qmp-commands.hx
  142. qmp.c
  143. qtest.c
  144. README
  145. rules.mak
  146. savevm.c
  147. spice-qemu-char.c
  148. tcg-runtime.c
  149. tci.c
  150. thread-pool.c
  151. thunk.c
  152. tpm.c
  153. trace-events
  154. translate-all.c
  155. translate-all.h
  156. user-exec.c
  157. VERSION
  158. version.rc
  159. vl.c
  160. vmstate.c
  161. xbzrle.c
  162. xen-common-stub.c
  163. xen-common.c
  164. xen-hvm-stub.c
  165. xen-hvm.c
  166. xen-mapcache.c