OSDN Git Service

(root) / qmiga / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5fc2b4f) | patch
qcow2: Avoid integer wraparound in qcow2_co_truncate()
authorAlberto Garcia <berto@igalia.com>
Mon, 4 May 2020 15:52:17 +0000 (17:52 +0200)
committerKevin Wolf <kwolf@redhat.com>
Fri, 8 May 2020 11:26:35 +0000 (13:26 +0200)
commite4d7019e1a81c61de6a925c3ac5bb6e62ea21b29
tree39cffe3992e3e0fe8ec3deb57cddc26d6853881btree | snapshot
parent5fc2b4f21811668c7cbbe907bdddab839fb50fe9commit | diff
qcow2: Avoid integer wraparound in qcow2_co_truncate()

After commit f01643fb8b47e8a70c04bbf45e0f12a9e5bc54de when an image is
extended and BDRV_REQ_ZERO_WRITE is set then the new clusters are
zeroized.

The code however does not detect correctly situations when the old and
the new end of the image are within the same cluster. The problem can
be reproduced with these steps:

   qemu-img create -f qcow2 backing.qcow2 1M
   qemu-img create -f qcow2 -F qcow2 -b backing.qcow2 top.qcow2
   qemu-img resize --shrink top.qcow2 520k
   qemu-img resize top.qcow2 567k

In the last step offset - zero_start causes an integer wraparound.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200504155217.10325-1-berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
block/qcow2.c diff | blob | history
tests/qemu-iotests/292 [new file with mode: 0755] blob
tests/qemu-iotests/292.out [new file with mode: 0644] blob
tests/qemu-iotests/group diff | blob | history
About OSDN
Find Software
Develop Software
Help