On 05/23/2014 07:41 AM, Maria Kustova wrote: > 96 - 99: refcount_order > Describes the width of a reference count block entry > (width > - in bits = 1 << refcount_order). For version 2 images, the > - order is always assumed to be 4 (i.e. the width is 16 > bits). > + in bits: refcount_bits = 1 << refcount_order). For > version 2 > + images, the order is always assumed to be 4 > + (i.e. refcount_bits = 16).
In light of all the recent CVE fixes (and possibly a separate patch if
any code is broken), I wonder if we need more work to ensure that
refcount_order is capped to a worthwhile maximum rather than causing
undefined behavior. That is, a refcount_order of 0x10004 should be an
error, and not a synonym of refcount_order of 4, since '1 << 0x10004' is
undefined.
Furthermore, this raises some questions in my mind. Later on, we document:
refcount_block_entries = (cluster_size / sizeof(uint16_t))
which implies a hard cap of refcount_bits=16 as the maximum, which in
turn implies a hard cap of refcount_order of 4 as the maximum. Or is it
possible to specify a larger refcount_order, in which case
refcount_block_entries is dynamically sized to uint32_t, and in which
case the rest of the docs need to be fixed to accommodate that?
Also,
Refcount block entry (x = refcount_bits - 1):
Bit 0 - x: Reference count of the cluster. If refcount_bits
implies a
sub-byte width, note that bit 0 means the least
significant
bit in this context.
but nothing is said about bits x+1 - 15 (which only exist when
refcount_order < 4, but which presumably must be all 0 bits for the file
to be valid).
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
