From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46873)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <pl@kamp.de>)
	id 1VYVhZ-00042c-V9
	for qemu-devel@nongnu.org; Tue, 22 Oct 2013 02:44:31 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pl@kamp.de>) id 1VYVhU-0006S4-EL
	for qemu-devel@nongnu.org; Tue, 22 Oct 2013 02:44:25 -0400
Received: from mx.ipv6.kamp.de ([2a02:248:0:51::16]:44597 helo=mx01.kamp.de)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <pl@kamp.de>)
	id 1VYVhU-0006Rj-1N
	for qemu-devel@nongnu.org; Tue, 22 Oct 2013 02:44:20 -0400
From: Peter Lieven <pl@kamp.de>
Date: Tue, 22 Oct 2013 08:43:25 +0200
Message-Id: <1382424205-19742-1-git-send-email-pl@kamp.de>
Subject: [Qemu-devel] [PATCH] block/vpc: check that the image has not been
	truncated
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, aliguori@us.ibm.com, jcody@redhat.com, Peter Lieven <pl@kamp.de>, stefanha@redhat.com, pbonzini@redhat.com

this adds a check that a dynamic VHD file has not been
accidently truncated (e.g. during transfer or upload).

Signed-off-by: Peter Lieven <pl@kamp.de>
---
 block/vpc.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/block/vpc.c b/block/vpc.c
index 1acc1d4..921364e 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -269,6 +269,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
             }
         }
 
+        if (s->free_data_block_offset > bdrv_getlength(bs->file)) {
+            ret = -EINVAL;
+            fprintf(stderr, "block-vpc: free_data_block_offset points after"
+                            "the end of file. the image has been truncated.\n");
+            goto fail;
+        }
+
         s->last_bitmap_offset = (int64_t) -1;
 
 #ifdef CACHE
-- 
1.7.9.5