aboutsummaryrefslogtreecommitdiff
path: root/tests/qemu-iotests/060
diff options
context:
space:
mode:
authorAlberto Garcia <berto@igalia.com>2017-11-03 16:18:53 +0200
committerMax Reitz <mreitz@redhat.com>2017-11-14 18:06:25 +0100
commit951053a9ec1c47edf4b2549ef58d82aee8a42a7f (patch)
tree7ad3b60159e618506325a63dd64efd0dc083f4d5 /tests/qemu-iotests/060
parent8aa34834d566ba4e635d6029339a5f4f1ae1685e (diff)
qcow2: Don't open images with header.refcount_table_clusters == 0
qcow2_do_open() is checking that header.refcount_table_clusters is not too large, but it doesn't check that it's greater than zero. Apart from the fact that an image like that is obviously corrupted, trying to use it crashes QEMU since we end up with a null s->refcount_table after qcow2_refcount_init(). These images can however be repaired, so allow opening them if the BDRV_O_CHECK flag is set. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Message-id: f9750f50c80359babba11062e88f5075a47e8e16.1509718618.git.berto@igalia.com Signed-off-by: Max Reitz <mreitz@redhat.com>
Diffstat (limited to 'tests/qemu-iotests/060')
-rwxr-xr-xtests/qemu-iotests/0607
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/qemu-iotests/060 b/tests/qemu-iotests/060
index c3bce27b33..656af50883 100755
--- a/tests/qemu-iotests/060
+++ b/tests/qemu-iotests/060
@@ -270,6 +270,13 @@ poke_file "$TEST_IMG" "$rb_offset" "\x00\x00\x00\x00\x00\x00\x00\x00"
# write will try to allocate a compressed data cluster at offset 0.
$QEMU_IO -c "write -c 0k 64k" "$TEST_IMG" | _filter_qemu_io
+echo
+echo "=== Testing zero refcount table size ==="
+echo
+_make_test_img 64M
+poke_file "$TEST_IMG" "56" "\x00\x00\x00\x00"
+$QEMU_IO -c "write 0 64k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
+
# success, all done
echo "*** done"
rm -f $seq.full