| Message ID | 1309146518-8998-4-git-send-email-famcool@gmail.com |
|---|---|
| State | New |
| Headers | show |
On Mon, Jun 27, 2011 at 4:48 AM, Fam Zheng <famcool@gmail.com> wrote: > + if (strncmp("version=1\n", p, strlen("version=1\n")) == 0 || > + strncmp("version=1\r\n", p, strlen("version=1\r\n")) == 0 || > + strncmp("version=2\n", p, strlen("version=2\n")) == 0 || > + strncmp("version=2\r\n", p, strlen("version=2\r\n")) == 0) { > + return 100; > + } If p == end - 1 then this will run off the end of the buffer. You need to use: strncmp("version=1\n", p, end - p); Stefan
On Mon, Jun 27, 2011 at 12:43 PM, Stefan Hajnoczi <stefanha@gmail.com> wrote: > On Mon, Jun 27, 2011 at 4:48 AM, Fam Zheng <famcool@gmail.com> wrote: >> + if (strncmp("version=1\n", p, strlen("version=1\n")) == 0 || >> + strncmp("version=1\r\n", p, strlen("version=1\r\n")) == 0 || >> + strncmp("version=2\n", p, strlen("version=2\n")) == 0 || >> + strncmp("version=2\r\n", p, strlen("version=2\r\n")) == 0) { >> + return 100; >> + } > > If p == end - 1 then this will run off the end of the buffer. You need to use: > > strncmp("version=1\n", p, end - p); > Won't work if (p == end -1 and *p == 'v'), how about check if end - p is big enough first?
On Mon, Jun 27, 2011 at 6:11 AM, Fam Zheng <famcool@gmail.com> wrote: > On Mon, Jun 27, 2011 at 12:43 PM, Stefan Hajnoczi <stefanha@gmail.com> wrote: >> On Mon, Jun 27, 2011 at 4:48 AM, Fam Zheng <famcool@gmail.com> wrote: >>> + if (strncmp("version=1\n", p, strlen("version=1\n")) == 0 || >>> + strncmp("version=1\r\n", p, strlen("version=1\r\n")) == 0 || >>> + strncmp("version=2\n", p, strlen("version=2\n")) == 0 || >>> + strncmp("version=2\r\n", p, strlen("version=2\r\n")) == 0) { >>> + return 100; >>> + } >> >> If p == end - 1 then this will run off the end of the buffer. You need to use: >> >> strncmp("version=1\n", p, end - p); >> > > Won't work if (p == end -1 and *p == 'v'), how about check if end - p > is big enough first? Yes, good point. Only compare if there is enough space for the matching string: remaining = end - p; if (remaining < strlen("version=X\n")) { continue; } if (strncmp("version=1\n", p, remaining) == 0 || strncmp("version=2\n", p, remaining) == 0) { return 100; } if (remaining < strlen("version=X\r\n")) { continue; } if (strncmp("version=1\r\n", p, remaining) == 0 || strncmp("version=2\r\n", p, remaining) == 0) { return 100; } Stefan
diff --git a/block/vmdk.c b/block/vmdk.c index 0540ec5..0517fdf 100644 --- a/block/vmdk.c +++ b/block/vmdk.c @@ -102,10 +102,44 @@ static int vmdk_probe(const uint8_t *buf, int buf_size, const char *filename) return 0; magic = be32_to_cpu(*(uint32_t *)buf); if (magic == VMDK3_MAGIC || - magic == VMDK4_MAGIC) + magic == VMDK4_MAGIC) { return 100; - else + } else { + const char *p = (const char *)buf; + const char *end = p + buf_size; + while (p < end) { + if (*p == '#') { + /* skip comment line */ + while (p < end && *p != '\n') { + p++; + } + p++; + continue; + } + if (*p == ' ') { + while (p < end && *p == ' ') { + p++; + } + /* skip '\r' if windows line endings used. */ + if (p < end && *p == '\r') { + p++; + } + /* only accept blank lines before 'version=' line */ + if (p == end || *p != '\n') { + return 0; + } + p++; + continue; + } + if (strncmp("version=1\n", p, strlen("version=1\n")) == 0 || + strncmp("version=1\r\n", p, strlen("version=1\r\n")) == 0 || + strncmp("version=2\n", p, strlen("version=2\n")) == 0 || + strncmp("version=2\r\n", p, strlen("version=2\r\n")) == 0) { + return 100; + } + } return 0; + } } #define CHECK_CID 1
Probe as the same behavior as VMware does. Recognize image as monolithicFlat descriptor file when the file is text and the first effective line (not '#' leaded comment or space line) is either 'version=1' or 'version=2'. No space or upper case charactors accepted. Signed-off-by: Fam Zheng <famcool@gmail.com> --- block/vmdk.c | 38 ++++++++++++++++++++++++++++++++++++-- 1 files changed, 36 insertions(+), 2 deletions(-)