From: Kevin Wolf
Date: Wed, 15 Apr 2009 11:52:31 +0200
Message-Id: <1239789151-23552-1-git-send-email-kwolf@redhat.com>
Subject: [Qemu-devel] [PATCH] qcow2 corruption: Fix alloc_cluster_link_l2
Reply-To: qemu-devel@nongnu.org
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, dlaor@redhat.com, gleb@redhat.com

This patch fixes a qcow2 corruption bug introduced in SVN Rev 5861. L2 tables
are big endian, so entries must be converted before being passed to functions.

This bug is easy to trigger. The following script will create and destroy a
qcow2 image (the header is gone after three loop iterations):

    #!/bin/bash
    qemu-img create -f qcow2 test.qcow 1M
    for i in $(seq 1 10); do
    qemu-system-x86_64 -hda test.qcow -monitor stdio > /dev/null 2>&1 <

--- block-qcow2.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/block-qcow2.c b/block-qcow2.c index da8fb42..985214f 100644 --- a/block-qcow2.c +++ b/block-qcow2.c 
@@ -1007,7 +1007,7 @@ static int alloc_cluster_link_l2(BlockDriverState *bs, uint64_t cluster_offset, goto err; for (i = 0; i < j; i++) - free_any_clusters(bs, old_cluster[i], 1); + free_any_clusters(bs, be64_to_cpu(old_cluster[i]), 1); ret = 0; err: -- 1.6.0.6
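Review bot: In the free loop at the changed line, the byte-order conversion is applied at the point of use, so old_cluster[] itself still holds raw big-endian L2 entries and nothing in the visible code says so. Since free_any_clusters() takes the value as a cluster offset, an unconverted entry can make it release clusters that are still in use, which matches the header loss described in the commit message. Please add a comment where old_cluster[] is declared or filled stating that it stores on-disk (big-endian) entries, or convert with be64_to_cpu() when the entries are saved so that every later use sees host byte order. The reproducer from the commit message would also be worth keeping as a regression test, since the single-line change is easy to undo by accident.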