[Qemu-devel] [PULL 34/42] block: fix off-by-one error in qcow and qcow2
From: Kevin Wolf
Subject: [Qemu-devel] [PULL 34/42] block: fix off-by-one error in qcow and qcow2
Date: Fri, 6 Feb 2015 17:40:41 +0100
From: Jeff Cody <address@hidden>
This fixes an off-by-one error introduced in 9a29e18. Both qcow and
qcow2 need to make sure to leave room for string terminator '\0' for
the backing file, so the max length of the non-terminated string is
either 1023 or PATH_MAX - 1.
Reported-by: Kevin Wolf <address@hidden>
Signed-off-by: Jeff Cody <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow.c | 2 +-
block/qcow2.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/qcow.c b/block/qcow.c
index ccbe9e0..0558969 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -215,7 +215,7 @@ static int qcow_open(BlockDriverState *bs, QDict *options,
int flags,
/* read the backing file name */
if (header.backing_file_offset != 0) {
len = header.backing_file_size;
- if (len > 1023 || len > sizeof(bs->backing_file)) {
+ if (len > 1023 || len >= sizeof(bs->backing_file)) {
error_setg(errp, "Backing file name too long");
ret = -EINVAL;
goto fail;
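Review bot: In the qcow_open() check, `len > 1023 || len >= sizeof(bs->backing_file)` now pairs an inclusive magic number with an exclusive buffer-size bound, and nothing at the site says why the two operators differ. A one-line comment stating that one byte of bs->backing_file is reserved for the terminating '\0' (the reason given in the commit message) would keep the `>=` from being "corrected" back to `>` later. Replacing the literal 1023 with a named constant would also make the format limit and the buffer limit distinguishable at a glance.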
diff --git a/block/qcow2.c b/block/qcow2.c
index dbaf016..7e614d7 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -869,7 +869,7 @@ static int qcow2_open(BlockDriverState *bs, QDict *options,
int flags,
if (header.backing_file_offset != 0) {
len = header.backing_file_size;
if (len > MIN(1023, s->cluster_size - header.backing_file_offset) ||
- len > sizeof(bs->backing_file)) {
+ len >= sizeof(bs->backing_file)) {
error_setg(errp, "Backing file name too long");
ret = -EINVAL;
goto fail;
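Review bot: The `len >= sizeof(bs->backing_file)` change in qcow2_open() comes without a regression test: the diffstat lists only block/qcow.c and block/qcow2.c. Since the defect is a boundary condition on a length read from the image header (header.backing_file_size), a pair of test images, one with a backing file name at the longest accepted length and one a single byte past it, expecting "Backing file name too long" for the second, would pin the behaviour down for both drivers. The same condition is now maintained separately in two files, so a shared helper for this length check is worth considering.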
--
1.8.3.1