We add qemu_peek_buffer, which is identical to qemu_get_buffer except
that it does not update f->buf_index.
We add a parameter to qemu_peek_byte() so that it can peek more than
one byte ahead.
Once this is done, to decide whether a subsection follows we check:
- the 1st byte is QEMU_VM_SUBSECTION
- the 2nd byte is a length, and it is larger than the length of the section name
- the 3rd element is a string that starts with section_name
So we should not get false positives (the section contents could still
fool us, but the probability is really low).
Signed-off-by: Juan Quintela<address@hidden>
---
savevm.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
1 files changed, 60 insertions(+), 11 deletions(-)
diff --git a/savevm.c b/savevm.c
index 5fee4e2..db6ea12 100644
--- a/savevm.c
+++ b/savevm.c
@@ -532,6 +532,37 @@ void qemu_put_byte(QEMUFile *f, int v)
qemu_fflush(f);
}
+static int qemu_peek_buffer(QEMUFile *f, uint8_t *buf, int size1, int offset)
+{
+ int size, l;
+ int index = f->buf_index + offset;
+
+ if (f->is_write) {
+ abort();
+ }
+
+ size = size1;
+ while (size> 0) {
+ l = f->buf_size - index;
+ if (l == 0) {
+ qemu_fill_buffer(f);
+ index = f->buf_index + offset;
+ l = f->buf_size - index;
+ if (l == 0) {
+ break;
+ }
+ }
+ if (l> size) {
+ l = size;
+ }
+ memcpy(buf, f->buf + index, l);
+ index += l;
+ buf += l;
+ size -= l;
+ }
+ return size1 - size;
+}
+
int qemu_get_buffer(QEMUFile *f, uint8_t *buf, int size1)
{
int size, l;
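Review bot: After the refill in qemu_peek_buffer, `index = f->buf_index + offset;` restarts at the beginning of the peek window instead of `size1 - size` bytes into it, so a peek that straddles a buffer boundary copies the head of the window twice (or reads bytes that are no longer there, depending on what qemu_fill_buffer, outside this hunk, does with the unread bytes). Separately, nothing bounds `offset`: once `f->buf_index + offset` exceeds `f->buf_size`, `l` is negative, neither `l == 0` nor `l > size` catches it, and `memcpy` is handed a huge size_t. The caller in this patch only peeks at offset 2 after peeking offset 1, so neither path is reached there, but the helper is general and both deserve a guard. I would account for the bytes already copied when recomputing `index`, treat `l <= 0` as "refill or give up", and add a comment at the top noting that peeking across a refill relies on qemu_fill_buffer preserving the not-yet-consumed bytes.

```c
    size = size1;
    while (size > 0) {
        /* stream position = buf_index + offset + bytes already copied */
        index = f->buf_index + offset + (size1 - size);
        l = f->buf_size - index;
        if (l <= 0) {
            qemu_fill_buffer(f);
            index = f->buf_index + offset + (size1 - size);
            l = f->buf_size - index;
            if (l <= 0) {
                break;
            }
        }
        if (l > size) {
            l = size;
        }
        memcpy(buf, f->buf + index, l);
        buf += l;
        size -= l;
    }
    return size1 - size;
```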
@@ -561,19 +592,22 @@ int qemu_get_buffer(QEMUFile *f, uint8_t *buf, int size1)
return size1 - size;
}
-static int qemu_peek_byte(QEMUFile *f)
+static int qemu_peek_byte(QEMUFile *f, int offset)
{
+ int index = f->buf_index + offset;
+
if (f->is_write) {
abort();
}
- if (f->buf_index>= f->buf_size) {
+ if (index>= f->buf_size) {
qemu_fill_buffer(f);
- if (f->buf_index>= f->buf_size) {
+ index = f->buf_index + offset;
+ if (index>= f->buf_size) {
return 0;
}
}
- return f->buf[f->buf_index];
+ return f->buf[index];
}
int qemu_get_byte(QEMUFile *f)
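Review bot: qemu_peek_byte now takes an `offset` but never validates it: a negative value indexes before `f->buf_index`, and the refill branch's `index = f->buf_index + offset;` denotes the same stream position only if qemu_fill_buffer (outside the hunk) keeps the not-yet-consumed bytes in place — if it reloads the buffer from its start, the peek lands `offset` bytes into fresh data and the bytes that were still unread are skipped. The callers added in this patch pass 0 and 1, so the exposure is in later reuse rather than here. I would add `assert(offset >= 0);` next to the `is_write` check and a comment above the function: `/* Peek the byte offset bytes ahead without consuming anything; 0 is returned both for a 0 byte and for no data being available, so callers must not use the return as an EOF test. */` — that ambiguity is pre-existing but worth stating now that the function is growing.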
@@ -1687,22 +1721,37 @@ static int vmstate_subsection_load(QEMUFile *f, const
VMStateDescription *vmsd,
return 0;
}
- while (qemu_peek_byte(f) == QEMU_VM_SUBSECTION) {
+ while (qemu_peek_byte(f, 0) == QEMU_VM_SUBSECTION) {
char idstr[256];
int ret;
- uint8_t version_id, len;
+ uint8_t version_id, len, size;
const VMStateDescription *sub_vmsd;
- qemu_get_byte(f); /* subsection */
- len = qemu_get_byte(f);
- qemu_get_buffer(f, (uint8_t *)idstr, len);
- idstr[len] = 0;
- version_id = qemu_get_be32(f);
+ len = qemu_peek_byte(f, 1);
+ if (len< strlen(vmsd->name) + 1) {
+ /* subsection name has be be "section_name/a" */
+ return 0;
+ }
+ size = qemu_peek_buffer(f, (uint8_t *)idstr, len, 2);
+ if (size != len) {
+ return 0;
+ }
+ idstr[size] = 0;