[Qemu-devel] [PULL 22/42] block/dmg: extract processing of resource fork
From: Kevin Wolf
Subject: [Qemu-devel] [PULL 22/42] block/dmg: extract processing of resource forks
Date: Fri, 6 Feb 2015 17:40:29 +0100
From: Peter Wu <address@hidden>
Besides the offset, also read the resource length. This length is now
used in the extracted function to verify the end of the resource fork
against "count" from the resource fork.
Instead of relying on the value of offset to conclude whether the
resource fork is available or not (info_begin==0), check the
rsrc_fork_length instead. This would allow a dmg file to begin with a
resource fork. This seemingly unnecessary restriction was found while
trying to craft a DMG file by hand.
Other changes:
- Do not require resource data offset to be 0x100 (but check that it
is within bounds though).
- Further improve boundary checking (resource data must be within
the resource fork).
- Use correct value for resource data length (spotted by John Snow)
- Consider the resource data offset when determining info_end.
This fixes an EINVAL on the tuxpaint dmg example.
The resource fork format is documented at
https://developer.apple.com/legacy/library/documentation/mac/pdf/MoreMacintoshToolbox.pdf#page=151
Signed-off-by: Peter Wu <address@hidden>
Reviewed-by: John Snow <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/dmg.c | 104 ++++++++++++++++++++++++++++++++++++++----------------------
1 file changed, 66 insertions(+), 38 deletions(-)
diff --git a/block/dmg.c b/block/dmg.c
index c571ac9..04bae72 100644
--- a/block/dmg.c
+++ b/block/dmg.c
@@ -285,60 +285,38 @@ fail:
return ret;
}
-static int dmg_open(BlockDriverState *bs, QDict *options, int flags,
- Error **errp)
+static int dmg_read_resource_fork(BlockDriverState *bs, DmgHeaderState *ds,
+ uint64_t info_begin, uint64_t info_length)
{
- BDRVDMGState *s = bs->opaque;
- DmgHeaderState ds;
- uint64_t info_begin, info_end;
- uint32_t count, rsrc_data_offset;
- int64_t offset;
int ret;
+ uint32_t count, rsrc_data_offset;
+ uint64_t info_end;
+ uint64_t offset;
- bs->read_only = 1;
- s->n_chunks = 0;
- s->offsets = s->lengths = s->sectors = s->sectorcounts = NULL;
- /* used by dmg_read_mish_block to keep track of the current I/O position */
- ds.last_in_offset = 0;
- ds.last_out_offset = 0;
- ds.max_compressed_size = 1;
- ds.max_sectors_per_chunk = 1;
-
- /* locate the UDIF trailer */
- offset = dmg_find_koly_offset(bs->file, errp);
- if (offset < 0) {
- ret = offset;
- goto fail;
- }
-
- ret = read_uint64(bs, offset + 0x28, &info_begin);
- if (ret < 0) {
- goto fail;
- } else if (info_begin == 0) {
- ret = -EINVAL;
- goto fail;
- }
-
+ /* read offset from begin of resource fork (info_begin) to resource data */
ret = read_uint32(bs, info_begin, &rsrc_data_offset);
if (ret < 0) {
goto fail;
- } else if (rsrc_data_offset != 0x100) {
+ } else if (rsrc_data_offset > info_length) {
ret = -EINVAL;
goto fail;
}
- ret = read_uint32(bs, info_begin + 4, &count);
+ /* read length of resource data */
+ ret = read_uint32(bs, info_begin + 8, &count);
if (ret < 0) {
goto fail;
- } else if (count == 0) {
+ } else if (count == 0 || rsrc_data_offset + count > info_length) {
ret = -EINVAL;
goto fail;
}
- /* end of resource data, ignoring the following resource map */
- info_end = info_begin + count;
/* begin of resource data (consisting of one or more resources) */
- offset = info_begin + 0x100;
+ offset = info_begin + rsrc_data_offset;
+
+ /* end of resource data (there is possibly a following resource map
+ * which will be ignored). */
+ info_end = offset + count;
/* read offsets (mish blocks) from one or more resources in resource data
*/
while (offset < info_end) {
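Review bot: The new test `rsrc_data_offset + count > info_length` adds two uint32_t values, so the sum wraps at 2^32 before it is compared with the 64-bit info_length. A large count from a crafted image can pass the check, after which `info_end = offset + count` is computed in 64 bits and lands past the end of the resource fork. Since `rsrc_data_offset > info_length` has already been rejected a few lines earlier, the check can be written without the addition as `count > info_length - rsrc_data_offset`. Separately, nothing in this function verifies that info_begin + info_length lies within the file or that `info_begin + rsrc_data_offset` does not overflow uint64_t; that should be established before the first read_uint32() call.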
@@ -352,13 +330,63 @@ static int dmg_open(BlockDriverState *bs, QDict *options,
int flags,
}
offset += 4;
- ret = dmg_read_mish_block(bs, &ds, offset, count);
+ ret = dmg_read_mish_block(bs, ds, offset, count);
if (ret < 0) {
goto fail;
}
/* advance offset by size of resource */
offset += count;
}
+ return 0;
+
+fail:
+ return ret;
+}
+
+static int dmg_open(BlockDriverState *bs, QDict *options, int flags,
+ Error **errp)
+{
+ BDRVDMGState *s = bs->opaque;
+ DmgHeaderState ds;
+ uint64_t rsrc_fork_offset, rsrc_fork_length;
+ int64_t offset;
+ int ret;
+
+ bs->read_only = 1;
+ s->n_chunks = 0;
+ s->offsets = s->lengths = s->sectors = s->sectorcounts = NULL;
+ /* used by dmg_read_mish_block to keep track of the current I/O position */
+ ds.last_in_offset = 0;
+ ds.last_out_offset = 0;
+ ds.max_compressed_size = 1;
+ ds.max_sectors_per_chunk = 1;
+
+ /* locate the UDIF trailer */
+ offset = dmg_find_koly_offset(bs->file, errp);
+ if (offset < 0) {
+ ret = offset;
+ goto fail;
+ }
+
+ /* offset of resource fork (RsrcForkOffset) */
+ ret = read_uint64(bs, offset + 0x28, &rsrc_fork_offset);
+ if (ret < 0) {
+ goto fail;
+ }
+ ret = read_uint64(bs, offset + 0x30, &rsrc_fork_length);
+ if (ret < 0) {
+ goto fail;
+ }
+ if (rsrc_fork_length != 0) {
+ ret = dmg_read_resource_fork(bs, &ds,
+ rsrc_fork_offset, rsrc_fork_length);
+ if (ret < 0) {
+ goto fail;
+ }
+ } else {
+ ret = -EINVAL;
+ goto fail;
+ }
/* initialize zlib engine */
s->compressed_chunk = qemu_try_blockalign(bs->file,
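Review bot: In dmg_open(), rsrc_fork_offset and rsrc_fork_length are read straight from the trailer (offset + 0x28 and offset + 0x30) and handed to dmg_read_resource_fork() after only a non-zero test on the length, so every bound checked in that function is relative to an unvalidated pair. Reject the image before the call if rsrc_fork_offset + rsrc_fork_length overflows or extends beyond the image file. The `else` branch also returns -EINVAL without setting errp, although errp is available in this function; an error_setg() message there would tell the user that the image carries no resource fork.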
--
1.8.3.1