diff --git a/qemu-fix-qcow2-2TB.patch b/qemu-fix-qcow2-2TB.patch
new file mode 100644
index 0000000..4fee796
--- /dev/null
+++ b/qemu-fix-qcow2-2TB.patch
@@ -0,0 +1,77 @@
+From 2d2431f03fc78b532f3a1c5f858cf78859d50fc3 Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Sun, 5 Apr 2009 17:40:58 +0000
+Subject: [PATCH] qcow2: fix image creation for large, > ~2TB, images (Chris Wright)
+
+When creating large disk images w/ qcow2 format, qcow2_create is hard
+coded to creating a single refcount block.  This is insufficient for
+large images, and will cause qemu-img to segfault as it walks off the
+end of the refcount block.  Keep track of the space needed during image
+create and create proper number of refcount blocks accordingly.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=491943
+
+Signed-off-by: Chris Wright <chrisw@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+
+
+git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6982 c046a42c-6fe2-441c-8c8c-71466251a162
+---
+ block-qcow2.c |   20 +++++++++++++-------
+ 1 files changed, 13 insertions(+), 7 deletions(-)
+
+Index: qemu-kvm-0.10/qemu/block-qcow2.c
+===================================================================
+--- qemu-kvm-0.10.orig/qemu/block-qcow2.c
++++ qemu-kvm-0.10/qemu/block-qcow2.c
+@@ -1458,6 +1458,7 @@ static int qcow_create(const char *filen
+                       const char *backing_file, int flags)
+ {
+     int fd, header_size, backing_filename_len, l1_size, i, shift, l2_bits;
++    int ref_clusters = 0;
+     QCowHeader header;
+     uint64_t tmp, offset;
+     QCowCreateState s1, *s = &s1;
+@@ -1498,22 +1499,28 @@ static int qcow_create(const char *filen
+     offset += align_offset(l1_size * sizeof(uint64_t), s->cluster_size);
+ 
+     s->refcount_table = qemu_mallocz(s->cluster_size);
+-    s->refcount_block = qemu_mallocz(s->cluster_size);
+ 
+     s->refcount_table_offset = offset;
+     header.refcount_table_offset = cpu_to_be64(offset);
+     header.refcount_table_clusters = cpu_to_be32(1);
+     offset += s->cluster_size;
+-
+-    s->refcount_table[0] = cpu_to_be64(offset);
+     s->refcount_block_offset = offset;
+-    offset += s->cluster_size;
++
++    /* count how many refcount blocks needed */
++    tmp = offset >> s->cluster_bits;
++    ref_clusters = (tmp >> (s->cluster_bits - REFCOUNT_SHIFT)) + 1;
++    for (i=0; i < ref_clusters; i++) {
++        s->refcount_table[i] = cpu_to_be64(offset);
++        offset += s->cluster_size;
++    }
++
++    s->refcount_block = qemu_mallocz(ref_clusters * s->cluster_size);
+ 
+     /* update refcounts */
+     create_refcount_update(s, 0, header_size);
+     create_refcount_update(s, s->l1_table_offset, l1_size * sizeof(uint64_t));
+     create_refcount_update(s, s->refcount_table_offset, s->cluster_size);
+-    create_refcount_update(s, s->refcount_block_offset, s->cluster_size);
++    create_refcount_update(s, s->refcount_block_offset, ref_clusters * s->cluster_size);
+ 
+     /* write all the data */
+     write(fd, &header, sizeof(header));
+@@ -1529,7 +1536,7 @@ static int qcow_create(const char *filen
+     write(fd, s->refcount_table, s->cluster_size);
+ 
+     lseek(fd, s->refcount_block_offset, SEEK_SET);
+-    write(fd, s->refcount_block, s->cluster_size);
++    write(fd, s->refcount_block, ref_clusters * s->cluster_size);
+ 
+     qemu_free(s->refcount_table);
+     qemu_free(s->refcount_block);
diff --git a/qemu.spec b/qemu.spec
index 9f87c6e..1b5308e 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,7 +1,7 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 0.10
-Release: 5%{?dist}
+Release: 6%{?dist}
 # I have mistakenly thought the revision name would be 1.0.
 # So 0.10 series get Epoch = 1
 Epoch: 2
@@ -36,6 +36,7 @@ Patch11: qemu-fix-gcc.patch
 Patch12: qemu-roms-more-room.patch
 Patch13: qemu-bios-bigger-roms.patch
 Patch14: qemu-fix-display-breakage.patch
+Patch15: qemu-fix-qcow2-2TB.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: SDL-devel zlib-devel which texi2html gnutls-devel cyrus-sasl-devel
@@ -214,6 +215,7 @@ such as kvmtrace and kvm_stat.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
 
 %build
 # systems like rhel build system does not have a recent enough linker so
@@ -455,6 +457,9 @@ fi
 %{_mandir}/man1/qemu-img.1*
 
 %changelog
+* Sun Apr  5 2009 Glauber Costa <glommer@redhat.com> - 2:0.10-6
+- Fixed qcow2 segfault creating disks over 2TB. #491943
+
 * Fri Apr  3 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10-5
 - Fix vga segfault under kvm-autotest (#494002)
 - Kill kernelrelease hack; it's not needed