Documentation states: "'offset' and 'size' represent an area which must lie entirely within the device or file." Enforce the that the buffer lies within fully.
---
 src/qemu/qemu_driver.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3109f8a17..bddba6b71 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -11416,6 +11416,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
 virDomainDiskDefPtr disk = NULL;
 virDomainObjPtr vm;
 char *tmpbuf = NULL;
+ ssize_t nread;
 int ret = -1;

 virCheckFlags(0, -1);
@@ -11442,9 +11443,16 @@ qemuDomainBlockPeek(virDomainPtr dom,
 if (qemuDomainStorageFileInit(driver, vm, disk->src) < 0)
 goto cleanup;

- if (virStorageFileRead(disk->src, offset, size, &tmpbuf) < 0)
+ if ((nread = virStorageFileRead(disk->src, offset, size, &tmpbuf)) < 0)
 goto cleanup;

+ if (nread < size) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("'%s' starting from %llu has only %zd bytes available"),
+ path, offset, nread);
+ goto cleanup;
+ }
+
 memcpy(buffer, tmpbuf, size);

 ret = 0;
--
2.14.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
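Review bot: The new `if (nread < size)` guard in the second hunk compares the signed `nread` (ssize_t) with `size`, whose declaration is outside the hunk but is presumably the function's unsigned length argument, so the comparison is correct only because the negative case is rejected on the line before it. This check is what stops `memcpy(buffer, tmpbuf, size)` from reading past a short `tmpbuf`, so I would make that dependency explicit with `if ((size_t)nread < size) {` and a comment such as `/* short read: tmpbuf holds fewer than 'size' bytes, copying 'size' would over-read it */`. The guard also assumes virStorageFileRead returns the number of bytes actually placed in `tmpbuf`; that is not visible here and is worth confirming for each storage backend. qemuDomainBlockPeek starts and ends outside both hunks.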