author | Kevin Wolf <kwolf@redhat.com> | 2014-07-04 17:11:28 +0200 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2014-07-14 12:03:20 +0200 |
commit | f06ee3d4aa547df8d7d2317b2b6db7a88c1f3744 (patch) | |
tree | d334ecfe630780d495e55443038ab140085373af /block/qed.h | |
parent | 44deba5a52576508f27edadf953e435141e2a76a (diff) |
qed: Make qiov match request size until backing file EOF
If a QED image has a shorter backing file and a read request to
unallocated clusters goes across EOF of the backing file, the backing
file sees a shortened request and the rest is filled with zeros.
However, the original too long qiov was used with the shortened request.
This patch makes the qiov size match the request size, avoiding a
potential buffer overflow in raw-posix.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Diffstat (limited to 'block/qed.h')
-rw-r--r-- | block/qed.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/block/qed.h b/block/qed.h index b0247515da..2b0e724e05 100644 --- a/block/qed.h +++ b/block/qed.h @@ -142,6 +142,7 @@ typedef struct QEDAIOCB { /* Current cluster scatter-gather list */ QEMUIOVector cur_qiov; + QEMUIOVector *backing_qiov; uint64_t cur_pos; /* position on block device, in bytes */ uint64_t cur_cluster; /* cluster offset in image file */ unsigned int cur_nclusters; /* number of clusters being accessed */ |
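Review bot: the new `QEMUIOVector *backing_qiov;` member of `QEDAIOCB` has no comment, unlike `cur_pos`, `cur_cluster` and `cur_nclusters` directly below it, and it is a pointer where the neighbouring `cur_qiov` is embedded, so the header does not say who allocates it, who frees it, or when it is valid. Suggest a one-line comment stating that, going by the commit message, it is the qiov sized to the shortened backing file request, that it is NULL when no such read is in flight, and which completion path destroys and frees it. Only block/qed.h is shown here, so the allocation and cleanup cannot be checked from this view; it is worth confirming in the .c changes that every error path resets the pointer to NULL so a stale value is never reused or freed twice.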