Message ID | 20170807203007.19033-2-eblake@redhat.com |
---|---|
State | New |
Headers | show |
On 08/07/2017 05:30 PM, Eric Blake wrote: > vpc_open() was checking for bdrv_getlength() failure in one, but > not the other, location. > > Reported-by: Markus Armbruster <armbru@redhat.com> > Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> > --- > block/vpc.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/block/vpc.c b/block/vpc.c > index 574879ba7c..468d10ec1c 100644 > --- a/block/vpc.c > +++ b/block/vpc.c > @@ -219,6 +219,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, > uint64_t pagetable_size; > int disk_type = VHD_DYNAMIC; > int ret; > + int64_t bs_size; > > bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file, > false, errp); > @@ -411,7 +412,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, > } > } > > - if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) { > + bs_size = bdrv_getlength(bs->file->bs); > + if (bs_size < 0) { > + error_setg_errno(errp, -bs_size, "unable to learn image size"); > + ret = bs_size; > + goto fail; > + } > + if (s->free_data_block_offset > bs_size) { > error_setg(errp, "block-vpc: free_data_block_offset points after " > "the end of file. The image has been truncated."); > ret = -EINVAL; >
On Mon, Aug 07, 2017 at 03:30:04PM -0500, Eric Blake wrote: > vpc_open() was checking for bdrv_getlength() failure in one, but > not the other, location. > > Reported-by: Markus Armbruster <armbru@redhat.com> > Signed-off-by: Eric Blake <eblake@redhat.com> > --- > block/vpc.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/block/vpc.c b/block/vpc.c > index 574879ba7c..468d10ec1c 100644 > --- a/block/vpc.c > +++ b/block/vpc.c > @@ -219,6 +219,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, > uint64_t pagetable_size; > int disk_type = VHD_DYNAMIC; > int ret; > + int64_t bs_size; > > bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file, > false, errp); > @@ -411,7 +412,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, > } > } > > - if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) { > + bs_size = bdrv_getlength(bs->file->bs); > + if (bs_size < 0) { > + error_setg_errno(errp, -bs_size, "unable to learn image size"); > + ret = bs_size; > + goto fail; > + } > + if (s->free_data_block_offset > bs_size) { > error_setg(errp, "block-vpc: free_data_block_offset points after " > "the end of file. The image has been truncated."); > ret = -EINVAL; > -- > 2.13.4 > > Reviewed-by: Jeff Cody <jcody@redhat.com>
Am 07.08.2017 um 22:30 hat Eric Blake geschrieben: > vpc_open() was checking for bdrv_getlength() failure in one, but > not the other, location. > > Reported-by: Markus Armbruster <armbru@redhat.com> > Signed-off-by: Eric Blake <eblake@redhat.com> > --- > block/vpc.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/block/vpc.c b/block/vpc.c > index 574879ba7c..468d10ec1c 100644 > --- a/block/vpc.c > +++ b/block/vpc.c > @@ -219,6 +219,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, > uint64_t pagetable_size; > int disk_type = VHD_DYNAMIC; > int ret; > + int64_t bs_size; > > bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file, > false, errp); > @@ -411,7 +412,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, > } > } > > - if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) { > + bs_size = bdrv_getlength(bs->file->bs); > + if (bs_size < 0) { > + error_setg_errno(errp, -bs_size, "unable to learn image size"); I would start the error message with a capital letter for consistency with other messages in this function. (It has obviously nothing to do with my general preference for that style.) > + ret = bs_size; > + goto fail; > + } > + if (s->free_data_block_offset > bs_size) { > error_setg(errp, "block-vpc: free_data_block_offset points after " > "the end of file. The image has been truncated."); > ret = -EINVAL; Kevin
diff --git a/block/vpc.c b/block/vpc.c index 574879ba7c..468d10ec1c 100644 --- a/block/vpc.c +++ b/block/vpc.c @@ -219,6 +219,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, uint64_t pagetable_size; int disk_type = VHD_DYNAMIC; int ret; + int64_t bs_size; bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file, false, errp); @@ -411,7 +412,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, } } - if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) { + bs_size = bdrv_getlength(bs->file->bs); + if (bs_size < 0) { + error_setg_errno(errp, -bs_size, "unable to learn image size"); + ret = bs_size; + goto fail; + } + if (s->free_data_block_offset > bs_size) { error_setg(errp, "block-vpc: free_data_block_offset points after " "the end of file. The image has been truncated."); ret = -EINVAL;
vpc_open() was checking for bdrv_getlength() failure in one, but not the other, location. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> --- block/vpc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)