mirror of https://github.com/qemu/qemu.git
synced 2024-12-11 20:53:51 +08:00
42d43d35d9
cloop stores the number of compressed blocks in the n_blocks header field. The file actually contains n_blocks + 1 offsets, where the extra offset is the end-of-file offset.

The following line in cloop_read_block() results in an out-of-bounds offsets[] access:

    uint32_t bytes = s->offsets[block_num + 1] - s->offsets[block_num];

This patch allocates and loads the extra offset so that cloop_read_block() works correctly when the last block is accessed.

Notice that we must free s->offsets[] unconditionally now since there is always an end-of-file offset.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
39 lines
1.5 KiB
Plaintext
QA output created by 075

== check that the first sector can be read ==
read 512/512 bytes at offset 0
512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)

== check that the last sector can be read ==
read 512/512 bytes at offset 1048064
512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)

== block_size must be a multiple of 512 ==
qemu-io: can't open device TEST_DIR/simple-pattern.cloop: block_size 513 must be a multiple of 512
no file open, try 'help open'

== block_size cannot be zero ==
qemu-io: can't open device TEST_DIR/simple-pattern.cloop: block_size cannot be zero
no file open, try 'help open'

== huge block_size ===
qemu-io: can't open device TEST_DIR/simple-pattern.cloop: block_size 4294966784 must be 64 MB or less
no file open, try 'help open'

== offsets_size overflow ===
qemu-io: can't open device TEST_DIR/simple-pattern.cloop: n_blocks 4294967295 must be 536870911 or less
no file open, try 'help open'

== refuse images that require too many offsets ===
qemu-io: can't open device TEST_DIR/simple-pattern.cloop: image requires too many offsets, try increasing block size
no file open, try 'help open'

== refuse images with non-monotonically increasing offsets ==
qemu-io: can't open device TEST_DIR/simple-pattern.cloop: offsets not monotonically increasing at index 1, image file is corrupt
no file open, try 'help open'

== refuse images with invalid compressed block size ==
qemu-io: can't open device TEST_DIR/simple-pattern.cloop: invalid compressed block size at index 1, image file is corrupt
no file open, try 'help open'

*** done
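The off-by-one described in the commit message (n_blocks + 1 offsets, the last being end-of-file) together with the header checks the test output above exercises, modelled as an added C example; this is not QEMU's cloop.c. The structure and function names, the raw offset table passed in, the error strings and the 2x-block-size bound on a compressed block are assumptions; the numeric limits are the ones quoted in the test output.

```c
#include <stdint.h>
#include <stdlib.h>

/* Added model of the cloop open/read path, not QEMU's code. Field and function
 * names follow the commit message and the limits come from the test output;
 * the table format, error strings and the 2x compressed-size bound are assumed. */
#define CLOOP_MAX_BLOCK_SIZE   (64u * 1024 * 1024)
#define CLOOP_MAX_N_BLOCKS     536870911u
#define CLOOP_MAX_OFFSETS_SIZE (512u * 1024 * 1024)

typedef struct {
    uint32_t block_size, n_blocks;
    uint64_t *offsets;  /* n_blocks + 1 entries; the last one is the end-of-file offset */
} CloopState;

/* Validate header fields, then load n_blocks + 1 offsets (not n_blocks) from the
 * raw table. Returns 0 on success, -1 with *err naming the rejection. */
static int cloop_open(CloopState *s, uint32_t block_size, uint32_t n_blocks,
                      const uint64_t *table, size_t table_len, const char **err)
{
    uint64_t n_offsets = (uint64_t)n_blocks + 1;  /* widened so the + 1 cannot wrap */
    s->offsets = NULL;
    if (block_size == 0) { *err = "block_size cannot be zero"; return -1; }
    if (block_size % 512) { *err = "block_size must be a multiple of 512"; return -1; }
    if (block_size > CLOOP_MAX_BLOCK_SIZE) { *err = "block_size must be 64 MB or less"; return -1; }
    if (n_blocks > CLOOP_MAX_N_BLOCKS) { *err = "n_blocks too large"; return -1; }
    if (n_offsets * sizeof(uint64_t) > CLOOP_MAX_OFFSETS_SIZE) { *err = "too many offsets"; return -1; }
    if (table_len < n_offsets) { *err = "offset table truncated"; return -1; }
    if (!(s->offsets = malloc((size_t)n_offsets * sizeof(uint64_t)))) { *err = "out of memory"; return -1; }
    for (uint64_t i = 0; i < n_offsets; i++) {
        s->offsets[i] = table[i];
        if (i == 0) continue;
        if (s->offsets[i] < s->offsets[i - 1]) { *err = "offsets not monotonically increasing"; goto fail; }
        if (s->offsets[i] - s->offsets[i - 1] > 2ull * block_size) { *err = "invalid compressed block size"; goto fail; }
    }
    s->block_size = block_size; s->n_blocks = n_blocks;
    return 0;
fail: free(s->offsets); s->offsets = NULL; return -1;
}

/* Compressed byte count of block_num: the expression from the commit message. It is
 * in bounds for the last block only because index n_blocks was loaded above. */
static int64_t cloop_block_bytes(const CloopState *s, uint32_t block_num)
{
    if (block_num >= s->n_blocks) return -1;  /* caller error, not a header problem */
    return (int64_t)(s->offsets[block_num + 1] - s->offsets[block_num]);
}

/* Free unconditionally: a successfully opened image always has the end-of-file entry. */
static void cloop_close(CloopState *s) { free(s->offsets); s->offsets = NULL; }
```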