[Qemu-block] [PULL 04/12] raw_bsd: move check to prevent overflow
From: Kevin Wolf
Subject: [Qemu-block] [PULL 04/12] raw_bsd: move check to prevent overflow
Date: Fri, 11 Nov 2016 17:55:03 +0100
From: Tomáš Golembiovský <address@hidden>
When only offset is specified but no size and the offset is greater than
the real size of the containing device an overflow occurs when parsing
the options. This overflow is harmless because we do check for this
exact situation a little bit later, but it leads to an error message with
weird values. It is better to do the check sooner and prevent the
overflow.
Signed-off-by: Tomáš Golembiovský <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/raw_bsd.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/block/raw_bsd.c b/block/raw_bsd.c
index 7c9bebb..cf7a560 100644
--- a/block/raw_bsd.c
+++ b/block/raw_bsd.c
@@ -91,6 +91,14 @@ static int raw_read_options(QDict *options, BlockDriverState
*bs,
}
s->offset = qemu_opt_get_size(opts, "offset", 0);
+ if (s->offset > real_size) {
+ error_setg(errp, "Offset (%" PRIu64 ") cannot be greater than "
+ "size of the containing file (%" PRId64 ")",
+ s->offset, real_size);
+ ret = -EINVAL;
+ goto end;
+ }
+
if (qemu_opt_find(opts, "size") != NULL) {
s->size = qemu_opt_get_size(opts, "size", 0);
s->has_size = true;
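Review bot: in the new `if (s->offset > real_size)` check the two operands appear to differ in signedness, since the error message prints s->offset with PRIu64 and real_size with PRId64. If real_size can still hold a negative error value at this point, it is converted to a large unsigned value for the comparison and the check never fires, so it is worth confirming (or asserting) that real_size >= 0 before this line. A qemu-iotests case for an offset larger than the containing file with no size given would also pin down the new error message.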
@@ -100,7 +108,7 @@ static int raw_read_options(QDict *options,
BlockDriverState *bs,
}
/* Check size and offset */
- if (real_size < s->offset || (real_size - s->offset) < s->size) {
+ if ((real_size - s->offset) < s->size) {
error_setg(errp, "The sum of offset (%" PRIu64 ") and size "
"(%" PRIu64 ") has to be smaller or equal to the "
" actual size of the containing file (%" PRId64 ")",
--
1.8.3.1