From: Peter Krempa
Date: Mon, 18 Sep 2017 14:08:40 +0000 (+0200)
Subject: qemu: blockPeek: Enforce buffer filling
X-Git-Tag: v3.8.0-rc1~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8de85386dbccdc181bda6b2d206ddd163acd1722;p=thirdparty%2Flibvirt.git

qemu: blockPeek: Enforce buffer filling

Documentation states: "'offset' and 'size' represent an area which must lie entirely within the device or file." Enforce the that the buffer lies within fully.
---

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3109f8a170..bddba6b710 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -11416,6 +11416,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
 virDomainDiskDefPtr disk = NULL;
 virDomainObjPtr vm;
 char *tmpbuf = NULL;
+ ssize_t nread;
 int ret = -1;

 virCheckFlags(0, -1);
@@ -11442,9 +11443,16 @@ qemuDomainBlockPeek(virDomainPtr dom,
 if (qemuDomainStorageFileInit(driver, vm, disk->src) < 0)
 goto cleanup;

- if (virStorageFileRead(disk->src, offset, size, &tmpbuf) < 0)
+ if ((nread = virStorageFileRead(disk->src, offset, size, &tmpbuf)) < 0)
 goto cleanup;

+ if (nread < size) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("'%s' starting from %llu has only %zd bytes available"),
+ path, offset, nread);
+ goto cleanup;
+ }
+
 memcpy(buffer, tmpbuf, size);

 ret = 0;
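Review bot: The new `if (nread < size)` check in the second hunk is also what stops the following `memcpy(buffer, tmpbuf, size)` from copying more bytes than virStorageFileRead reported, yet neither the code nor the commit message records that memory-safety role. A short comment above the check would keep it from being relaxed later into a partial-read path, for example `/* short read must fail: memcpy below copies 'size' bytes out of tmpbuf */`. The comparison also mixes the signed `nread` with `size`, which is presumably a `size_t` (the signature is outside the hunk), and is only correct because negative values were rejected just above. Writing it as `if ((size_t)nread < size) {` makes that dependency explicit and avoids a sign-compare warning. The body of qemuDomainBlockPeek starts and ends outside both hunks, so the types of `size` and `offset` and the cleanup path could not be checked here.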