qemu: blockPeek: Enforce buffer filling
authorPeter Krempa <pkrempa@redhat.com>
Mon, 18 Sep 2017 14:08:40 +0000 (16:08 +0200)
committerPeter Krempa <pkrempa@redhat.com>
Tue, 19 Sep 2017 15:26:48 +0000 (17:26 +0200)
Documentation states:

"'offset' and 'size' represent an area which must lie entirely within
the device or file." Enforce that the buffer lies fully within it.

src/qemu/qemu_driver.c

index 3109f8a17045c1ef86d6192a689c293079a1c14f..bddba6b710927414015198e2ea4d341e65b50e3f 100644 (file)
@@ -11416,6 +11416,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
     virDomainDiskDefPtr disk = NULL;
     virDomainObjPtr vm;
     char *tmpbuf = NULL;
+    ssize_t nread;
     int ret = -1;
 
     virCheckFlags(0, -1);
@@ -11442,9 +11443,16 @@ qemuDomainBlockPeek(virDomainPtr dom,
     if (qemuDomainStorageFileInit(driver, vm, disk->src) < 0)
         goto cleanup;
 
-    if (virStorageFileRead(disk->src, offset, size, &tmpbuf) < 0)
+    if ((nread = virStorageFileRead(disk->src, offset, size, &tmpbuf)) < 0)
         goto cleanup;
 
+    if (nread < size) {
+        virReportError(VIR_ERR_INVALID_ARG,
+                       _("'%s' starting from %llu has only %zd bytes available"),
+                       path, offset, nread);
+        goto cleanup;
+    }
+
     memcpy(buffer, tmpbuf, size);
 
     ret = 0;
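Review bot: The new `if (nread < size)` compares the signed `nread` with `size`, which is declared outside the hunk but is presumably the unsigned `size_t` parameter, so the test relies on an implicit signed-to-unsigned conversion and will trip -Wsign-compare where that warning is enabled. It is correct only because the preceding `< 0` check has already excluded negative values; writing `if ((size_t) nread < size) {` makes that dependency explicit and keeps the guard sound if the two checks are ever reordered. This guard is what stops `memcpy(buffer, tmpbuf, size)` from reading past a short `tmpbuf` (which presumably holds only `nread` bytes), so a comment such as `/* short read: never copy 'size' bytes out of a smaller tmpbuf */` above it would record why it must stay. The body of qemuDomainBlockPeek starts and ends outside the hunk.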