[1/4] vpc: Check failure of bdrv_getlength()

Message ID	20170807203007.19033-2-eblake@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 5F7EC267CD From: Eric Blake <eblake@redhat.com> To: qemu-devel@nongnu.org Date: Mon, 7 Aug 2017 15:30:04 -0500 Message-Id: <20170807203007.19033-2-eblake@redhat.com> In-Reply-To: <20170807203007.19033-1-eblake@redhat.com> References: <20170807203007.19033-1-eblake@redhat.com> Subject: [Qemu-devel] [PATCH 1/4] vpc: Check failure of bdrv_getlength() Precedence: list Cc: kwolf@redhat.com, armbru@redhat.com, qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Message ID

20170807203007.19033-2-eblake@redhat.com

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 5F7EC267CD
From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Date: Mon,  7 Aug 2017 15:30:04 -0500
Message-Id: <20170807203007.19033-2-eblake@redhat.com>
In-Reply-To: <20170807203007.19033-1-eblake@redhat.com>
References: <20170807203007.19033-1-eblake@redhat.com>
Subject: [Qemu-devel] [PATCH 1/4] vpc: Check failure of bdrv_getlength()
Precedence: list
Cc: kwolf@redhat.com, armbru@redhat.com, qemu-block@nongnu.org,
	Max Reitz <mreitz@redhat.com>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Commit Message

Eric Blake Aug. 7, 2017, 8:30 p.m. UTC

vpc_open() was checking for bdrv_getlength() failure in one, but
not the other, location.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---
 block/vpc.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

Philippe Mathieu-Daudé Aug. 7, 2017, 8:43 p.m. UTC | #1

On 08/07/2017 05:30 PM, Eric Blake wrote:
> vpc_open() was checking for bdrv_getlength() failure in one, but
> not the other, location.
> 
> Reported-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Eric Blake <eblake@redhat.com>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> ---
>   block/vpc.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/block/vpc.c b/block/vpc.c
> index 574879ba7c..468d10ec1c 100644
> --- a/block/vpc.c
> +++ b/block/vpc.c
> @@ -219,6 +219,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
>       uint64_t pagetable_size;
>       int disk_type = VHD_DYNAMIC;
>       int ret;
> +    int64_t bs_size;
> 
>       bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
>                                  false, errp);
> @@ -411,7 +412,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
>               }
>           }
> 
> -        if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) {
> +        bs_size = bdrv_getlength(bs->file->bs);
> +        if (bs_size < 0) {
> +            error_setg_errno(errp, -bs_size, "unable to learn image size");
> +            ret = bs_size;
> +            goto fail;
> +        }
> +        if (s->free_data_block_offset > bs_size) {
>               error_setg(errp, "block-vpc: free_data_block_offset points after "
>                                "the end of file. The image has been truncated.");
>               ret = -EINVAL;
>

Jeff Cody Aug. 7, 2017, 11:32 p.m. UTC | #2

On Mon, Aug 07, 2017 at 03:30:04PM -0500, Eric Blake wrote:
> vpc_open() was checking for bdrv_getlength() failure in one, but
> not the other, location.
> 
> Reported-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
>  block/vpc.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/block/vpc.c b/block/vpc.c
> index 574879ba7c..468d10ec1c 100644
> --- a/block/vpc.c
> +++ b/block/vpc.c
> @@ -219,6 +219,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
>      uint64_t pagetable_size;
>      int disk_type = VHD_DYNAMIC;
>      int ret;
> +    int64_t bs_size;
> 
>      bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
>                                 false, errp);
> @@ -411,7 +412,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
>              }
>          }
> 
> -        if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) {
> +        bs_size = bdrv_getlength(bs->file->bs);
> +        if (bs_size < 0) {
> +            error_setg_errno(errp, -bs_size, "unable to learn image size");
> +            ret = bs_size;
> +            goto fail;
> +        }
> +        if (s->free_data_block_offset > bs_size) {
>              error_setg(errp, "block-vpc: free_data_block_offset points after "
>                               "the end of file. The image has been truncated.");
>              ret = -EINVAL;
> -- 
> 2.13.4
> 
> 

Reviewed-by: Jeff Cody <jcody@redhat.com>

Kevin Wolf Aug. 8, 2017, 8:30 a.m. UTC | #3

Am 07.08.2017 um 22:30 hat Eric Blake geschrieben:
> vpc_open() was checking for bdrv_getlength() failure in one, but
> not the other, location.
> 
> Reported-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
>  block/vpc.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/block/vpc.c b/block/vpc.c
> index 574879ba7c..468d10ec1c 100644
> --- a/block/vpc.c
> +++ b/block/vpc.c
> @@ -219,6 +219,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
>      uint64_t pagetable_size;
>      int disk_type = VHD_DYNAMIC;
>      int ret;
> +    int64_t bs_size;
> 
>      bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
>                                 false, errp);
> @@ -411,7 +412,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
>              }
>          }
> 
> -        if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) {
> +        bs_size = bdrv_getlength(bs->file->bs);
> +        if (bs_size < 0) {
> +            error_setg_errno(errp, -bs_size, "unable to learn image size");

I would start the error message with a capital letter for consistency
with other messages in this function. (It has obviously nothing to do
with my general preference for that style.)

> +            ret = bs_size;
> +            goto fail;
> +        }
> +        if (s->free_data_block_offset > bs_size) {
>              error_setg(errp, "block-vpc: free_data_block_offset points after "
>                               "the end of file. The image has been truncated.");
>              ret = -EINVAL;

Kevin

diff --git a/block/vpc.c b/block/vpc.c
index 574879ba7c..468d10ec1c 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -219,6 +219,7 @@  static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
     uint64_t pagetable_size;
     int disk_type = VHD_DYNAMIC;
     int ret;
+    int64_t bs_size;

     bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
                                false, errp);
@@ -411,7 +412,13 @@  static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
             }
         }

-        if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) {
+        bs_size = bdrv_getlength(bs->file->bs);
+        if (bs_size < 0) {
+            error_setg_errno(errp, -bs_size, "unable to learn image size");
+            ret = bs_size;
+            goto fail;
+        }
+        if (s->free_data_block_offset > bs_size) {
             error_setg(errp, "block-vpc: free_data_block_offset points after "
                              "the end of file. The image has been truncated.");
             ret = -EINVAL;

[1/4] vpc: Check failure of bdrv_getlength()

Commit Message

Comments

Patch