qemu-devel.nongnu.org archive mirror
* [Qemu-devel] [PATCH] block: fix off-by-one error in qcow and qcow2
@ 2015-01-27 13:33 Jeff Cody
  2015-01-27 14:09 ` Kevin Wolf
  2015-02-03 10:59 ` Kevin Wolf
  0 siblings, 2 replies; 3+ messages in thread
From: Jeff Cody @ 2015-01-27 13:33 UTC
  To: qemu-devel; +Cc: kwolf

This fixes an off-by-one error introduced in 9a29e18.  Both qcow and
qcow2 need to make sure to leave room for string terminator '\0' for
the backing file, so the max length of the non-terminated string is
either 1023 or PATH_MAX - 1.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 block/qcow.c  | 2 +-
 block/qcow2.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/qcow.c b/block/qcow.c
index ccbe9e0..0558969 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -215,7 +215,7 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
     /* read the backing file name */
     if (header.backing_file_offset != 0) {
         len = header.backing_file_size;
-        if (len > 1023 || len > sizeof(bs->backing_file)) {
+        if (len > 1023 || len >= sizeof(bs->backing_file)) {
             error_setg(errp, "Backing file name too long");
             ret = -EINVAL;
             goto fail;
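Review bot: the new condition in qcow_open() mixes two conventions for
the same limit: len > 1023 bounds the string length, while
len >= sizeof(bs->backing_file) bounds the buffer size, and nothing at
the check says that both exist to leave room for the '\0'. A one-line
comment to that effect, or a named constant in place of the bare 1023,
would make it harder for a later edit to reintroduce the off-by-one.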
diff --git a/block/qcow2.c b/block/qcow2.c
index dbaf016..7e614d7 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -869,7 +869,7 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
     if (header.backing_file_offset != 0) {
         len = header.backing_file_size;
         if (len > MIN(1023, s->cluster_size - header.backing_file_offset) ||
-            len > sizeof(bs->backing_file)) {
+            len >= sizeof(bs->backing_file)) {
             error_setg(errp, "Backing file name too long");
             ret = -EINVAL;
             goto fail;
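Review bot: in the qcow2_open() check, the first bound computes
s->cluster_size - header.backing_file_offset, and the only test on that
offset visible in this hunk is that it is non-zero. If nothing earlier
in the function rejects an offset larger than the cluster size, the
subtraction could go negative or wrap depending on the operand types,
so it is worth confirming that validation exists or adding it next to
this check. Since the diffstat touches only block/qcow.c and
block/qcow2.c, a test covering a backing file name at the maximum
accepted length and at one byte over would also pin the boundary down.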
-- 
1.9.3

* Re: [Qemu-devel] [PATCH] block: fix off-by-one error in qcow and qcow2
  2015-01-27 13:33 [Qemu-devel] [PATCH] block: fix off-by-one error in qcow and qcow2 Jeff Cody
@ 2015-01-27 14:09 ` Kevin Wolf
  2015-02-03 10:59 ` Kevin Wolf
  1 sibling, 0 replies; 3+ messages in thread
From: Kevin Wolf @ 2015-01-27 14:09 UTC
  To: Jeff Cody; +Cc: qemu-devel, stefanha

On 27.01.2015 at 14:33, Jeff Cody wrote:
> This fixes an off-by-one error introduced in 9a29e18.  Both qcow and
> qcow2 need to make sure to leave room for string terminator '\0' for
> the backing file, so the max length of the non-terminated string is
> either 1023 or PATH_MAX - 1.
> 
> Reported-by: Kevin Wolf <kwolf@redhat.com>
> Signed-off-by: Jeff Cody <jcody@redhat.com>

Reviewed-by: Kevin Wolf <kwolf@redhat.com>

* Re: [Qemu-devel] [PATCH] block: fix off-by-one error in qcow and qcow2
  2015-01-27 13:33 [Qemu-devel] [PATCH] block: fix off-by-one error in qcow and qcow2 Jeff Cody
  2015-01-27 14:09 ` Kevin Wolf
@ 2015-02-03 10:59 ` Kevin Wolf
  1 sibling, 0 replies; 3+ messages in thread
From: Kevin Wolf @ 2015-02-03 10:59 UTC
  To: Jeff Cody; +Cc: qemu-devel

On 27.01.2015 at 14:33, Jeff Cody wrote:
> This fixes an off-by-one error introduced in 9a29e18.  Both qcow and
> qcow2 need to make sure to leave room for string terminator '\0' for
> the backing file, so the max length of the non-terminated string is
> either 1023 or PATH_MAX - 1.
> 
> Reported-by: Kevin Wolf <kwolf@redhat.com>
> Signed-off-by: Jeff Cody <jcody@redhat.com>

Thanks, applied to the block branch.

Kevin
