>From qemu.git docs/interop/qcow2.txt
== String header extensions ==
Some header extensions (such as the backing file format name and
the external data file name) are just a single string. In this case,
the header extension length is the string length and the string is
not '\0' terminated. (The header extension padding can make it look
like a string is '\0' terminated, but neither is padding always
necessary nor is there a guarantee that zero bytes are used
for padding.)
So we shouldn't be checking for a \0 byte at the end of the backing
format section. I think in practice there always is a \0 but we
shouldn't depend on that.
Signed-off-by: Cole Robinson <crobinso@xxxxxxxxxx>
---
src/util/virstoragefile.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index 8cd576a463..5a4e4b24ae 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -506,13 +506,18 @@ qcow2GetExtensions(const char *buf,
case QCOW2_HDR_EXTENSION_END:
goto done;
- case QCOW2_HDR_EXTENSION_BACKING_FORMAT:
- if (buf[offset+len] != '\0')
- break;
- *backingFormat = virStorageFileFormatTypeFromString(buf+offset);
+ case QCOW2_HDR_EXTENSION_BACKING_FORMAT: {
+ VIR_AUTOFREE(char *) tmp = NULL;
+ if (VIR_ALLOC_N(tmp, len + 1) < 0)
+ return -1;
+ memcpy(tmp, buf + offset, len);
+ tmp[len] = '\0';
+
+ *backingFormat = virStorageFileFormatTypeFromString(tmp);
if (*backingFormat <= VIR_STORAGE_FILE_NONE)
return -1;
}
+ }
offset += len;
}
--
2.23.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
