aboutsummaryrefslogtreecommitdiff
path: root/block/raw_bsd.c
diff options
context:
space:
mode:
authorTomáš Golembiovský <tgolembi@redhat.com>2016-11-03 14:47:48 +0100
committerKevin Wolf <kwolf@redhat.com>2016-11-11 15:54:55 +0100
commit40332872fec584d2557ed2c3f48d55d15d95eddb (patch)
tree56c4fbddfd90ab3204da16d10acfcb3162cbaf52 /block/raw_bsd.c
parent11d6fbe05fd67610a7735e5350e4299f93bf7655 (diff)
raw_bsd: move check to prevent overflow
When only offset is specified but no size and the offset is greater than the real size of the containing device an overflow occurs when parsing the options. This overflow is harmless because we do check for this exact situation little bit later, but it leads to an error message with weird values. It is better to do the check is sooner and prevent the overflow. Signed-off-by: Tomáš Golembiovský <tgolembi@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block/raw_bsd.c')
-rw-r--r--block/raw_bsd.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/block/raw_bsd.c b/block/raw_bsd.c
index 7c9bebb507..cf7a5606ed 100644
--- a/block/raw_bsd.c
+++ b/block/raw_bsd.c
@@ -91,6 +91,14 @@ static int raw_read_options(QDict *options, BlockDriverState *bs,
}
s->offset = qemu_opt_get_size(opts, "offset", 0);
+ if (s->offset > real_size) {
+ error_setg(errp, "Offset (%" PRIu64 ") cannot be greater than "
+ "size of the containing file (%" PRId64 ")",
+ s->offset, real_size);
+ ret = -EINVAL;
+ goto end;
+ }
+
if (qemu_opt_find(opts, "size") != NULL) {
s->size = qemu_opt_get_size(opts, "size", 0);
s->has_size = true;
@@ -100,7 +108,7 @@ static int raw_read_options(QDict *options, BlockDriverState *bs,
}
/* Check size and offset */
- if (real_size < s->offset || (real_size - s->offset) < s->size) {
+ if ((real_size - s->offset) < s->size) {
error_setg(errp, "The sum of offset (%" PRIu64 ") and size "
"(%" PRIu64 ") has to be smaller or equal to the "
" actual size of the containing file (%" PRId64 ")",