ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
xemu/block
History
Stefan Hajnoczi dbd3e4a75c block/cloop: fix offsets[] size off-by-one 
cloop stores the number of compressed blocks in the n_blocks header
field.  The file actually contains n_blocks + 1 offsets, where the extra
offset is the end-of-file offset.

The following line in cloop_read_block() results in an out-of-bounds
offsets[] access:

    uint32_t bytes = s->offsets[block_num + 1] - s->offsets[block_num];

This patch allocates and loads the extra offset so that
cloop_read_block() works correctly when the last block is accessed.

Notice that we must free s->offsets[] unconditionally now since there is
always an end-of-file offset.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 42d43d35d9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 		2014-07-03 16:18:10 -05:00
..
Makefile.objs block: vhdx - log parsing, replay, and flush support 2013-11-07 13:58:58 +01:00
backup.c qapi: make use of new BlockJobType 2013-10-11 10:52:54 +02:00
blkdebug.c blkdebug: Employ error parameter 2013-10-11 16:50:00 +02:00
blkverify.c blkverify: Employ error parameter 2013-10-11 16:50:00 +02:00
bochs.c bdrv: Use "Error" for opening images 2013-09-12 10:12:47 +02:00
cloop.c block/cloop: fix offsets[] size off-by-one 2014-07-03 16:18:10 -05:00
commit.c qapi: make use of new BlockJobType 2013-10-11 10:52:54 +02:00
cow.c block: Error parameter for create functions 2013-09-12 10:12:48 +02:00
curl.c block/curl: Implement the libcurl timer callback interface 2014-02-21 00:34:40 -06:00
dmg.c bdrv: Use "Error" for opening images 2013-09-12 10:12:47 +02:00
gluster.c block: introduce BlockDriver.bdrv_needs_filename to enable some drivers. 2013-09-25 16:21:28 +02:00
iscsi.c block/iscsi: fix deadlock on scsi check condition 2014-06-25 11:08:29 -05:00
linux-aio.c aio: drop io_flush argument 2013-08-19 15:52:19 +02:00
mirror.c mirror: fix early wake from sleep due to aio 2014-06-25 15:26:29 -05:00
nbd.c bdrv: Use "Error" for opening images 2013-09-12 10:12:47 +02:00
parallels.c bdrv: Use "Error" for opening images 2013-09-12 10:12:47 +02:00
qapi.c block/qapi: Human-readable ImageInfoSpecific dump 2013-10-11 10:52:54 +02:00
qcow.c block: Error parameter for create functions 2013-09-12 10:12:48 +02:00
qcow2-cache.c qcow2: Use negated overflow check mask 2013-10-11 16:50:00 +02:00
qcow2-cluster.c qcow2: fix possible corruption when reading multiple clusters 2013-11-14 13:09:07 +01:00
qcow2-refcount.c qcow2: Make overlap check mask variable 2013-10-11 16:50:00 +02:00
qcow2-snapshot.c qcow2: Use negated overflow check mask 2013-10-11 16:50:00 +02:00
qcow2.c block: Use BDRV_O_NO_BACKING where appropriate 2014-06-25 16:33:46 -05:00
qcow2.h qcow2: Add more overlap check bitmask macros 2013-10-11 16:50:00 +02:00
qed-check.c qed: mark image clean after repair succeeds 2012-08-10 10:25:12 +02:00
qed-cluster.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-gencb.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-l2-cache.c qed: do not evict in-use L2 table cache entries 2012-03-12 15:14:06 +01:00
qed-table.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qed.c block: Error parameter for create functions 2013-09-12 10:12:48 +02:00
qed.h block: qed - use QEMU_PACKED for on-disk structures 2013-09-25 20:51:15 +02:00
raw-aio.h block: make discard asynchronous 2013-01-15 10:03:47 +01:00
raw-posix.c block: Print its file name if backing file opening failed 2013-11-14 13:09:06 +01:00
raw-win32.c block: Print its file name if backing file opening failed 2013-11-14 13:09:06 +01:00
raw_bsd.c block: Avoid unecessary drv->bdrv_getlength() calls 2013-10-29 13:10:26 +01:00
rbd.c rbd: avoid qemu_rbd_snap_list() memory leaks 2013-09-25 16:22:00 +02:00
sheepdog.c sheepdog: check simultaneous create in resend_aioreq 2013-10-30 12:22:24 +01:00
snapshot.c bdrv: Use "Error" for opening images 2013-09-12 10:12:47 +02:00
ssh.c bdrv: Use "Error" for creating images 2013-09-12 10:12:48 +02:00
stream.c qapi: make use of new BlockJobType 2013-10-11 10:52:54 +02:00
vdi.c block: vdi - use QEMU_PACKED for on-disk structures 2013-09-25 20:51:05 +02:00
vhdx-endian.c block: vhdx - move more endian translations to vhdx-endian.c 2013-11-07 13:58:59 +01:00
vhdx-log.c block: vhdx - add log write support 2013-11-07 13:58:59 +01:00
vhdx.c block: vhdx - add .bdrv_create() support 2013-11-07 13:58:59 +01:00
vhdx.h block: vhdx - add .bdrv_create() support 2013-11-07 13:58:59 +01:00
vmdk.c block: Use BDRV_O_NO_BACKING where appropriate 2014-06-25 16:33:46 -05:00
vpc.c block/vpc: fix virtual size for images created with disk2vhd 2013-11-07 13:58:58 +01:00
vvfat.c block: Error parameter for create functions 2013-09-12 10:12:48 +02:00
win32-aio.c win32-aio: drop win32_aio_flush_cb() 2013-08-22 22:05:04 +02:00