On 04/01/2014 03:49 PM, Shwetha Mathangi Chandra Choodamani wrote:
> This patch fixes the bug in qemu-img info that wouldn't populate the extent type for default formats.
> The extent type has now been set where necessary. This is the second version in the series after inputs
> from Fam Zheng(famz@redhat.com).
> 
> Signed-off-by: Shwetha Mathangi Chandra Choodamani <saphira.brightscales@gmail.com>
> ---
>  block/vmdk.c |   53 +++++++++++++++++++++++++++++++++++++++++++++++++----
>  1 file changed, 49 insertions(+), 4 deletions(-)
> 

> +    bdrv_pread(file, sizeof(magic), buf, size);
> +    sscanf(buf, "%10s %" SCNd64 " %10s \"%511[^\n\r\"]\" %" SCNd64,
> +    access, &sectors, type, fname, &flat_offset);

Odd indentation.  Furthermore, sscanf() has undefined behavior if the
input values overflow the width of the integer variable you are parsing
into.  While you are not the first client of sscanf in the code base, I
strongly recommend that you use something that isn't vulnerable to
undefined behavior on untrusted external input, or at the VERY least,
check the sscanf() return value as well as put a %n parameter at the end
of your format string to ensure that you parsed what you thought you did.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org