I was getting a segmentation fault when running "qemu-img commit" (to commit changes back to the underlying filesystem). It appears that the problem is that there is code in block-cow.c that "reads ahead" in a bitmap without checking whether it is falling off the end of the bitmap. At least in my case (running on FreeBSD 5) this ends up causing a segmentation fault. I've attached a patch which appears to fix the problem (I'm not sure if it is the most elegant fix). I've tried to avoid an "off-by-one" problem in the patch, but you should probably review it to make sure I've got the logic right.
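The bug class described above is a bitmap scanner that keeps looking at the next bit without first checking that the next bit exists. The following is an added illustration, not the attached patch and not code from QEMU's block-cow.c: a small LSB-first bitmap with a run-length scan that is bounded by the bitmap's length in bits, so it stops at the last valid bit and never reads the padding bits in the final byte or the memory after the array. The names (`bitmap_get`, `bitmap_run_length`, `sample_run_length`) and the 13-bit sample bitmap are assumptions made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit i of the bitmap lives in byte i/8, at bit position i%8 (LSB first).
 * Returns -1 instead of reading past the end if i >= nb_bits. */
static int bitmap_get(const uint8_t *bitmap, size_t nb_bits, size_t i)
{
    if (i >= nb_bits)
        return -1;
    return (bitmap[i >> 3] >> (i & 7)) & 1;
}

/* Number of bytes needed to hold nb_bits, rounding up. */
size_t bitmap_size_bytes(size_t nb_bits)
{
    return (nb_bits + 7) / 8;
}

/* Count how many consecutive bits, starting at `start`, have the same
 * value as bit `start`. The scan "reads ahead" exactly like the faulty
 * pattern, but the loop condition `i < nb_bits` keeps it inside the
 * bitmap: index nb_bits is one past the last valid bit and is never read.
 * Returns 0 when `start` itself is already past the end. */
size_t bitmap_run_length(const uint8_t *bitmap, size_t nb_bits, size_t start)
{
    if (start >= nb_bits)
        return 0;

    int val = bitmap_get(bitmap, nb_bits, start);
    size_t i = start;
    while (i < nb_bits && bitmap_get(bitmap, nb_bits, i) == val)
        i++;

    return i - start;
}

/* Constructed sample (not real on-disk data): 13 valid bits stored in
 * 2 bytes. Bits 0..11 are clear, bit 12 is set, and bits 13..15 are
 * padding that also happens to be set. An unbounded scanner starting
 * at bit 12 would count the padding as part of the run and then keep
 * walking into whatever follows the array. */
#define SAMPLE_BITS 13
static const uint8_t sample_bitmap[2] = { 0x00, 0xF0 };

size_t sample_run_length(size_t start)
{
    return bitmap_run_length(sample_bitmap, SAMPLE_BITS, start);
}

int main(void)
{
    printf("bytes for %d bits: %zu\n", SAMPLE_BITS, bitmap_size_bytes(SAMPLE_BITS));
    printf("run from bit 0:  %zu\n", sample_run_length(0));   /* clear bits 0..11 */
    printf("run from bit 12: %zu\n", sample_run_length(12));  /* only bit 12, not the padding */
    printf("run from bit 13: %zu\n", sample_run_length(13));  /* past the end: 0 */
    return 0;
}
```

A useful check when reviewing a fix of this kind is to build with `-fsanitize=address` (or run under Valgrind) and scan from the last valid bit of a bitmap whose byte array is exactly `bitmap_size_bytes(nb_bits)` long: a scanner that still reads past the array is reported immediately, which is more reliable than waiting for a segmentation fault that only appears on some platforms.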