Index: block-qcow2.c
===================================================================
--- block-qcow2.c	(revision 6729)
+++ block-qcow2.c	(working copy)
@@ -621,7 +621,7 @@
     if (!offset)
         return 0;
 
-    for (i = start; i < start + nb_clusters; i++)
+    for (i = start; i < start + nb_clusters && i < s->l2_size; i++)
         if (offset + i * cluster_size != (be64_to_cpu(l2_table[i]) & ~mask))
             break;
 
@@ -632,7 +632,7 @@
 {
     int i = 0;
 
-    while(nb_clusters-- && l2_table[i] == 0)
+    while(nb_clusters-- && i < s->l2_size && l2_table[i] == 0)
         i++;
 
     return i;