From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:36461)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1UDdwN-0002uA-BU
	for qemu-devel@nongnu.org; Thu, 07 Mar 2013 11:45:12 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1UDdwL-0002aK-TZ
	for qemu-devel@nongnu.org; Thu, 07 Mar 2013 11:45:11 -0500
Received: from mail-ea0-x22a.google.com ([2a00:1450:4013:c01::22a]:53224)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1UDdwL-0002a9-Nu
	for qemu-devel@nongnu.org; Thu, 07 Mar 2013 11:45:09 -0500
Received: by mail-ea0-f170.google.com with SMTP id e10so223292eaa.15
	for <qemu-devel@nongnu.org>; Thu, 07 Mar 2013 08:45:08 -0800 (PST)
Date: Thu, 7 Mar 2013 17:45:05 +0100
From: Stefan Hajnoczi <stefanha@gmail.com>
Message-ID: <20130307164505.GA28279@stefanha-thinkpad.redhat.com>
References: <20130307110207.17430.68584.malonedeb@gac.canonical.com>
	<20130307110207.17430.68584.malonedeb@gac.canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20130307110207.17430.68584.malonedeb@gac.canonical.com>
Subject: Re: [Qemu-devel] [Bug 1151986] [NEW] buffer overflow after
 block-stream via QMP
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Bug 1151986 <1151986@bugs.launchpad.net>
Cc: qemu-devel@nongnu.org

On Thu, Mar 07, 2013 at 11:02:07AM -0000, Helge Rausch wrote:
> When a block-stream is initiated via QMP and the QMP socket is closed on
> client side before the job is finished, QEMU crashes with a buffer
> overflow, somewhere at the end of the streaming process.
> 
> Without QMP I can stream via the HMP without problems. After crashing, I
> cannot boot from the active image anymore.
> 
> I was able to reproduce this with qemu-kvm and qemu-system-x86_64 on two
> different machines.
> 
> Version:
> QEMU emulator version 1.2.0 (qemu-kvm-1.2.0), Copyright (c) 2003-2008 Fabrice Bellard

I cannot reproduce this with qemu-system-x86-1.2.2-6.fc18.x86_64.

> I started QEMU with the following script:
> 
> qemu-kvm \
>  -monitor vc \
>  -m 512 \
>  -hda "$1" \
>  -net nic,vlan=0 \
>  -net user,vlan=0 \
>  -localtime \
>  -smp 2 \
>  -qmp tcp:localhost:4444,server,nowait

I used your command-line and the following QMP commands:

$ QMP/qmp-shell localhost:4444
(QEMU) blockdev-snapshot-sync device=ide0-hd0 snapshot-file=test2.qcow2
(QEMU) block-stream ide0-hd0
(QEMU) query-block-jobs
...output shows the job running...
(QEMU) Ctrl+D

The block job completes successfully and I get no crash.

Please try qemu.git/master to see if the bug is still there for you:

$ git clone git://git.qemu-project.org/qemu.git
$ cd qemu
$ ./configure --target-list=x86_64-softmmu
$ make
$ x86_64-softmmu/qemu-system-x86_64-softmmu -enable-kvm ...

Stefan