Stack overflow from opening qcow files with backing file pointing to itself #6472

Closed
likebreath opened this issue May 21, 2024 · 1 comment · Fixed by #6482
Labels
bug Something isn't working

Comments

@likebreath
Member

A stack overflow can happen when opening a qcow file with a backing file pointing to itself. This is caused by unbounded recursive calls between block::create_disk_file() and block::qcow::From(). This bug was reported from our continuous fuzzing tests with oss-fuzz [1].

This bug was introduced along with the qcow backing file support #5573 (which was based on crosvm's implementation that had the same bug). A potential fix (implemented from crosvm) is limiting the maximum nesting depth for the backing files with qcow [2].

[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67709
[2] google/crosvm@eb1640e

@likebreath
Member Author

@wfly1998 Would you please take a look and port the fix from crosvm? Thank you.

@likebreath likebreath added the bug Something isn't working label May 21, 2024
wfly1998 added a commit to wfly1998/cloud-hypervisor that referenced this issue May 24, 2024
Impose a limit on the maximum nesting of file formats that can open more
files. For example, a qcow2 file can have a backing file, which could be
another qcow2 file with a backing file (or even the same file as the
original), potentially causing unbounded recursion.

This commit is based on crosvm implementation:
https://chromium.googlesource.com/crosvm/crosvm/+/eb1640e301d66c06e0e0a07886946830f3f2f4fe

Fixes: cloud-hypervisor#6472

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
github-merge-queue bot pushed a commit that referenced this issue Jun 13, 2024