Patchwork block/raw-posix: Abort on pread beyond end of non-growable file

login
register
mail settings
Submitter Kevin Wolf
Date Jan. 22, 2010, 1:26 p.m.
Message ID <1264166798-27422-1-git-send-email-kwolf@redhat.com>
Download mbox | patch
Permalink /patch/43482/
State New
Headers show

Comments

Kevin Wolf - Jan. 22, 2010, 1:26 p.m.
This shouldn't happen under any normal circumstances. However, it looks like
it's possible to achieve this with corrupted images. Without this patch
raw_pread is hanging in an endless loop in such cases.

The patch is not affecting growable files, for which such reads happen in
normal use cases. raw_pread_aligned already handles these cases and won't
return zero in the first place.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/raw-posix.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)
Anthony Liguori - Jan. 27, 2010, 12:07 a.m.
On 01/22/2010 07:26 AM, Kevin Wolf wrote:
> This shouldn't happen under any normal circumstances. However, it looks like
> it's possible to achieve this with corrupted images. Without this patch
> raw_pread is hanging in an endless loop in such cases.
>
> The patch is not affecting growable files, for which such reads happen in
> normal use cases. raw_pread_aligned already handles these cases and won't
> return zero in the first place.
>
> Signed-off-by: Kevin Wolf<kwolf@redhat.com>
>    

Applied.  Thanks.

Regards,

Anthony Liguori
> ---
>   block/raw-posix.c |    6 +++++-
>   1 files changed, 5 insertions(+), 1 deletions(-)
>
> diff --git a/block/raw-posix.c b/block/raw-posix.c
> index 4d79881..6ef1cff 100644
> --- a/block/raw-posix.c
> +++ b/block/raw-posix.c
> @@ -403,8 +403,12 @@ static int raw_pread(BlockDriverState *bs, int64_t offset,
>                       size = ALIGNED_BUFFER_SIZE;
>
>                   ret = raw_pread_aligned(bs, offset, s->aligned_buf, size);
> -                if (ret<  0)
> +                if (ret<  0) {
>                       return ret;
> +                } else if (ret == 0) {
> +                    fprintf(stderr, "raw_pread: read beyond end of file\n");
> +                    abort();
> +                }
>
>                   size = ret;
>                   if (size>  count)
>

Patch

diff --git a/block/raw-posix.c b/block/raw-posix.c
index 4d79881..6ef1cff 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -403,8 +403,12 @@  static int raw_pread(BlockDriverState *bs, int64_t offset,
                     size = ALIGNED_BUFFER_SIZE;
 
                 ret = raw_pread_aligned(bs, offset, s->aligned_buf, size);
-                if (ret < 0)
+                if (ret < 0) {
                     return ret;
+                } else if (ret == 0) {
+                    fprintf(stderr, "raw_pread: read beyond end of file\n");
+                    abort();
+                }
 
                 size = ret;
                 if (size > count)