Changeset 72574 in vbox

Timestamp:

Jun 15, 2018 9:22:20 PM (6 years ago)

Author:

vboxsync

Message:

Storage/VHD: Stay within possible limits of the VDH spec for the block allocation table and reject images violating the spec, missing status code check

File:

• trunk/src/VBox/Storage/VHD.cpp (modified) (3 diffs)

trunk/src/VBox/Storage/VHD.cpp

@@ -40 +40 @@
 #define VHD_SECTOR_SIZE 512
 #define VHD_BLOCK_SIZE  (2 * _1M)
+
+/** The maximum VHD size is 2TB due to the 32bit sector numbers in the BAT.
+ * Note that this is the maximum file size including all footers and headers
+ * and not the maximum virtual disk size presented to the guest.
+ */
+#define VHD_MAX_SIZE    (2 * _1T)
+/** Maximum number of 512 byte sectors for a VHD image. */
+#define VHD_MAX_SECTORS ((uint32_t)(VHD_MAX_SIZE / VHD_SECTOR_SIZE))
 
 /* This is common to all VHD disk types and is located at the end of the image */
@@ -748 +756 @@
     AssertMsg(!(pImage->cbDataBlock % VHD_SECTOR_SIZE), ("%s: Data block size is not a multiple of %!\n", __FUNCTION__, VHD_SECTOR_SIZE));
 
+    /* Bail out if the number of BAT entries exceeds the number of sectors for a maximum image. */
+    if (pImage->cBlockAllocationTableEntries > VHD_MAX_SECTORS)
+        return VERR_VD_VHD_INVALID_HEADER;
+
     pImage->cSectorsPerDataBlock = pImage->cbDataBlock / VHD_SECTOR_SIZE;
     LogFlowFunc(("SectorsPerDataBlock=%u\n", pImage->cSectorsPerDataBlock));
@@ -780 +792 @@
                                uBlockAllocationTableOffset, pBlockAllocationTable,
                                pImage->cBlockAllocationTableEntries * sizeof(uint32_t));
+    if (RT_FAILURE(rc))
+        return rc;
 
     /*