[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [qemu-xen master] raw_bsd: move check to prevent overflow

commit 40332872fec584d2557ed2c3f48d55d15d95eddb
Author:     Tomáš Golembiovský <tgolembi@xxxxxxxxxx>
AuthorDate: Thu Nov 3 14:47:48 2016 +0100
Commit:     Kevin Wolf <kwolf@xxxxxxxxxx>
CommitDate: Fri Nov 11 15:54:55 2016 +0100

    raw_bsd: move check to prevent overflow
    
    When only offset is specified but no size and the offset is greater than
    the real size of the containing device an overflow occurs when parsing
    the options. This overflow is harmless because we do check for this
    exact situation little bit later, but it leads to an error message with
    weird values. It is better to do the check is sooner and prevent the
    overflow.
    
    Signed-off-by: Tomáš Golembiovský <tgolembi@xxxxxxxxxx>
    Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
---
 block/raw_bsd.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/block/raw_bsd.c b/block/raw_bsd.c
index 7c9bebb..cf7a560 100644
--- a/block/raw_bsd.c
+++ b/block/raw_bsd.c
@@ -91,6 +91,14 @@ static int raw_read_options(QDict *options, BlockDriverState 
*bs,
     }
 
     s->offset = qemu_opt_get_size(opts, "offset", 0);
+    if (s->offset > real_size) {
+        error_setg(errp, "Offset (%" PRIu64 ") cannot be greater than "
+            "size of the containing file (%" PRId64 ")",
+            s->offset, real_size);
+        ret = -EINVAL;
+        goto end;
+    }
+
     if (qemu_opt_find(opts, "size") != NULL) {
         s->size = qemu_opt_get_size(opts, "size", 0);
         s->has_size = true;
@@ -100,7 +108,7 @@ static int raw_read_options(QDict *options, 
BlockDriverState *bs,
     }
 
     /* Check size and offset */
-    if (real_size < s->offset || (real_size - s->offset) < s->size) {
+    if ((real_size - s->offset) < s->size) {
         error_setg(errp, "The sum of offset (%" PRIu64 ") and size "
             "(%" PRIu64 ") has to be smaller or equal to the "
             " actual size of the containing file (%" PRId64 ")",
--
generated by git-patchbot for /home/xen/git/qemu-xen.git#master


_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.