From 8de85386dbccdc181bda6b2d206ddd163acd1722 Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Mon, 18 Sep 2017 16:08:40 +0200
Subject: [PATCH] qemu: blockPeek: Enforce buffer filling
Documentation states: "'offset' and 'size' represent an area which must lie entirely within the device or file." Enforce the that the buffer lies within fully.
---
 src/qemu/qemu_driver.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3109f8a170..bddba6b710 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -11416,6 +11416,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
     virDomainDiskDefPtr disk = NULL;
     virDomainObjPtr vm;
     char *tmpbuf = NULL;
+    ssize_t nread;
     int ret = -1;
 
     virCheckFlags(0, -1);
@@ -11442,9 +11443,16 @@ qemuDomainBlockPeek(virDomainPtr dom,
     if (qemuDomainStorageFileInit(driver, vm, disk->src) < 0)
         goto cleanup;
 
-    if (virStorageFileRead(disk->src, offset, size, &tmpbuf) < 0)
+    if ((nread = virStorageFileRead(disk->src, offset, size, &tmpbuf)) < 0)
         goto cleanup;
 
+    if (nread < size) {
+        virReportError(VIR_ERR_INVALID_ARG,
+                       _("'%s' starting from %llu has only %zd bytes available"),
+                       path, offset, nread);
+        goto cleanup;
+    }
+
     memcpy(buffer, tmpbuf, size);
     ret = 0;
-- 
2.47.2
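Review bot: `if (nread < size)` in the second hunk compares the signed `ssize_t nread` against the unsigned `size`, so the comparison is done in unsigned arithmetic and trips -Wsign-compare; it is only correct because the `< 0` test on the preceding line has already excluded negative values, and making that dependency explicit is cleaner: `if ((size_t)nread < size) {`. The `%zd` conversion matches `ssize_t`, but `%llu` for `offset` is right only if `offset` is declared `unsigned long long`, which the hunk does not show since the signature of qemuDomainBlockPeek lies outside it. The short-read check is what keeps the following `memcpy(buffer, tmpbuf, size)` from copying `size` bytes out of a buffer that holds only `nread`, so a one-line comment above it such as `/* virStorageFileRead may return fewer than 'size' bytes; never copy past what was read */` would record why the check must precede the copy. The function begins and ends outside both hunks, so whether `cleanup:` releases `tmpbuf` on the new error path cannot be confirmed here.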