* [Qemu-devel] [PATCH] block: update string sizes for filename, backing_file, exact_filename
@ 2015-01-13 17:03 Jeff Cody
2015-01-13 20:49 ` John Snow
0 siblings, 1 reply; 3+ messages in thread
From: Jeff Cody @ 2015-01-13 17:03 UTC (permalink / raw)
To: qemu-devel; +Cc: kwolf, famz, stefanha, mreitz
The string field entries 'filename', 'backing_file', and
'exact_filename' in the BlockDriverState struct are defined as 1024
bytes.
However, most places that use these values accept a maximum of PATH_MAX
bytes. This patch makes the BlockDriverStruct field string sizes match
the most common usage.
This patch also updates two block drivers that still use 1024-byte sized
arrays for 'backing_file'.
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
block/mirror.c | 2 +-
block/qapi.c | 2 +-
include/block/block_int.h | 8 ++++----
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
index 9019d1b..57154eb 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -378,7 +378,7 @@ static void coroutine_fn mirror_run(void *opaque)
int64_t sector_num, end, sectors_per_chunk, length;
uint64_t last_pause_ns;
BlockDriverInfo bdi;
- char backing_filename[1024];
+ char backing_filename[PATH_MAX];
int ret = 0;
int n;
diff --git a/block/qapi.c b/block/qapi.c
index a6fd6f7..c097238 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -175,7 +175,7 @@ void bdrv_query_image_info(BlockDriverState *bs,
{
int64_t size;
const char *backing_filename;
- char backing_filename2[1024];
+ char backing_filename2[PATH_MAX];
BlockDriverInfo bdi;
int ret;
Error *err = NULL;
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 06a21dd..e264be9 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -339,13 +339,13 @@ struct BlockDriverState {
* regarding this BDS's context */
QLIST_HEAD(, BdrvAioNotifier) aio_notifiers;
- char filename[1024];
- char backing_file[1024]; /* if non zero, the image is a diff of
- this file image */
+ char filename[PATH_MAX];
+ char backing_file[PATH_MAX]; /* if non zero, the image is a diff of
+ this file image */
char backing_format[16]; /* if non-zero and backing_file exists */
QDict *full_open_options;
- char exact_filename[1024];
+ char exact_filename[PATH_MAX];
BlockDriverState *backing_hd;
BlockDriverState *file;
--
1.9.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Qemu-devel] [PATCH] block: update string sizes for filename, backing_file, exact_filename
2015-01-13 17:03 [Qemu-devel] [PATCH] block: update string sizes for filename, backing_file, exact_filename Jeff Cody
@ 2015-01-13 20:49 ` John Snow
2015-01-14 10:50 ` Kevin Wolf
0 siblings, 1 reply; 3+ messages in thread
From: John Snow @ 2015-01-13 20:49 UTC (permalink / raw)
To: Jeff Cody, qemu-devel; +Cc: kwolf, famz, stefanha, mreitz
On 01/13/2015 12:03 PM, Jeff Cody wrote:
> The string field entries 'filename', 'backing_file', and
> 'exact_filename' in the BlockDriverState struct are defined as 1024
> bytes.
>
> However, most places that use these values accept a maximum of PATH_MAX
> bytes. This patch makes the BlockDriverStruct field string sizes match
> the most common usage.
>
> This patch also updates two block drivers that still use 1024-byte sized
> arrays for 'backing_file'.
>
> Signed-off-by: Jeff Cody <jcody@redhat.com>
> ---
> block/mirror.c | 2 +-
> block/qapi.c | 2 +-
> include/block/block_int.h | 8 ++++----
> 3 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/block/mirror.c b/block/mirror.c
> index 9019d1b..57154eb 100644
> --- a/block/mirror.c
> +++ b/block/mirror.c
> @@ -378,7 +378,7 @@ static void coroutine_fn mirror_run(void *opaque)
> int64_t sector_num, end, sectors_per_chunk, length;
> uint64_t last_pause_ns;
> BlockDriverInfo bdi;
> - char backing_filename[1024];
> + char backing_filename[PATH_MAX];
> int ret = 0;
> int n;
>
> diff --git a/block/qapi.c b/block/qapi.c
> index a6fd6f7..c097238 100644
> --- a/block/qapi.c
> +++ b/block/qapi.c
> @@ -175,7 +175,7 @@ void bdrv_query_image_info(BlockDriverState *bs,
> {
> int64_t size;
> const char *backing_filename;
> - char backing_filename2[1024];
> + char backing_filename2[PATH_MAX];
> BlockDriverInfo bdi;
> int ret;
> Error *err = NULL;
> diff --git a/include/block/block_int.h b/include/block/block_int.h
> index 06a21dd..e264be9 100644
> --- a/include/block/block_int.h
> +++ b/include/block/block_int.h
> @@ -339,13 +339,13 @@ struct BlockDriverState {
> * regarding this BDS's context */
> QLIST_HEAD(, BdrvAioNotifier) aio_notifiers;
>
> - char filename[1024];
> - char backing_file[1024]; /* if non zero, the image is a diff of
> - this file image */
> + char filename[PATH_MAX];
> + char backing_file[PATH_MAX]; /* if non zero, the image is a diff of
> + this file image */
> char backing_format[16]; /* if non-zero and backing_file exists */
>
> QDict *full_open_options;
> - char exact_filename[1024];
> + char exact_filename[PATH_MAX];
>
> BlockDriverState *backing_hd;
> BlockDriverState *file;
>
Is it important that qcow2_open seems to enforce a 1023-char length
backing_file name?
From qcow2.c, qcow2_open (currently line ~871):
if (len > MIN(1023, s->cluster_size -
header.backing_file_offset)) {
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Qemu-devel] [PATCH] block: update string sizes for filename, backing_file, exact_filename
2015-01-13 20:49 ` John Snow
@ 2015-01-14 10:50 ` Kevin Wolf
0 siblings, 0 replies; 3+ messages in thread
From: Kevin Wolf @ 2015-01-14 10:50 UTC (permalink / raw)
To: John Snow; +Cc: Jeff Cody, famz, qemu-devel, stefanha, mreitz
Am 13.01.2015 um 21:49 hat John Snow geschrieben:
>
>
> On 01/13/2015 12:03 PM, Jeff Cody wrote:
> >The string field entries 'filename', 'backing_file', and
> >'exact_filename' in the BlockDriverState struct are defined as 1024
> >bytes.
> >
> >However, most places that use these values accept a maximum of PATH_MAX
> >bytes. This patch makes the BlockDriverStruct field string sizes match
> >the most common usage.
> >
> >This patch also updates two block drivers that still use 1024-byte sized
> >arrays for 'backing_file'.
> >
> >Signed-off-by: Jeff Cody <jcody@redhat.com>
> >---
> > block/mirror.c | 2 +-
> > block/qapi.c | 2 +-
> > include/block/block_int.h | 8 ++++----
> > 3 files changed, 6 insertions(+), 6 deletions(-)
> >
> >diff --git a/block/mirror.c b/block/mirror.c
> >index 9019d1b..57154eb 100644
> >--- a/block/mirror.c
> >+++ b/block/mirror.c
> >@@ -378,7 +378,7 @@ static void coroutine_fn mirror_run(void *opaque)
> > int64_t sector_num, end, sectors_per_chunk, length;
> > uint64_t last_pause_ns;
> > BlockDriverInfo bdi;
> >- char backing_filename[1024];
> >+ char backing_filename[PATH_MAX];
> > int ret = 0;
> > int n;
> >
> >diff --git a/block/qapi.c b/block/qapi.c
> >index a6fd6f7..c097238 100644
> >--- a/block/qapi.c
> >+++ b/block/qapi.c
> >@@ -175,7 +175,7 @@ void bdrv_query_image_info(BlockDriverState *bs,
> > {
> > int64_t size;
> > const char *backing_filename;
> >- char backing_filename2[1024];
> >+ char backing_filename2[PATH_MAX];
> > BlockDriverInfo bdi;
> > int ret;
> > Error *err = NULL;
We shouldn't have had paths on the stack before this patch, and after
increasing the array size, we should have them even less.
Actually, mirror_run() could probably do with a char[2] or even access
bs->backing_file directly without copying things around. It has that
array only so it can check that backing_filename isn't empty.
> >diff --git a/include/block/block_int.h b/include/block/block_int.h
> >index 06a21dd..e264be9 100644
> >--- a/include/block/block_int.h
> >+++ b/include/block/block_int.h
> >@@ -339,13 +339,13 @@ struct BlockDriverState {
> > * regarding this BDS's context */
> > QLIST_HEAD(, BdrvAioNotifier) aio_notifiers;
> >
> >- char filename[1024];
> >- char backing_file[1024]; /* if non zero, the image is a diff of
> >- this file image */
> >+ char filename[PATH_MAX];
> >+ char backing_file[PATH_MAX]; /* if non zero, the image is a diff of
> >+ this file image */
> > char backing_format[16]; /* if non-zero and backing_file exists */
> >
> > QDict *full_open_options;
> >- char exact_filename[1024];
> >+ char exact_filename[PATH_MAX];
> >
> > BlockDriverState *backing_hd;
> > BlockDriverState *file;
> >
>
> Is it important that qcow2_open seems to enforce a 1023-char length
> backing_file name?
>
> From qcow2.c, qcow2_open (currently line ~871):
> if (len > MIN(1023, s->cluster_size -
> header.backing_file_offset)) {
It is relevant for PATH_MAX < 1023. In such cases we have a buffer
overflow now.
For cases where PATH_MAX > 1023: The limitation has become part of the
file format definition, so we can't remove it (otherwise older qemu
versions wouldn't be able to read the image).
Kevin
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-01-14 10:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-01-13 17:03 [Qemu-devel] [PATCH] block: update string sizes for filename, backing_file, exact_filename Jeff Cody
2015-01-13 20:49 ` John Snow
2015-01-14 10:50 ` Kevin Wolf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).