From fcadb4866204fe5788969296ffce682e22109107 Mon Sep 17 00:00:00 2001 From: Alexander Ivanov Date: Tue, 18 Jul 2023 12:44:24 +0200 Subject: parallels: Incorrect data end calculation in parallels_open() The BDRVParallelsState structure contains data_end field that is measured in sectors. In parallels_open() initially this field is set by data_off field from parallels image header. According to the parallels format documentation, data_off field contains an offset, in sectors, from the start of the file to the start of the data area. For "WithoutFreeSpace" images: if data_off is zero, the offset is calculated as the end of the BAT table plus some padding to ensure sector size alignment. The parallels_open() function has code for handling zero value in data_off, but in the result data_end contains the offset in bytes. Replace the alignment to sector size by division by sector size and fix the comparison with s->header_size. Signed-off-by: Alexander Ivanov Reviewed-by: Denis V. Lunev Reviewed-by: Hanna Czenczek Signed-off-by: Denis V. Lunev --- block/parallels.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'block/parallels.c') diff --git a/block/parallels.c b/block/parallels.c index c7b2ed5a54..3c0dca3dbf 100644 --- a/block/parallels.c +++ b/block/parallels.c @@ -865,9 +865,9 @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags, } s->data_end = le32_to_cpu(ph.data_off); if (s->data_end == 0) { - s->data_end = ROUND_UP(bat_entry_off(s->bat_size), BDRV_SECTOR_SIZE); + s->data_end = DIV_ROUND_UP(size, BDRV_SECTOR_SIZE); } - if (s->data_end < s->header_size) { + if (s->data_end < (s->header_size >> BDRV_SECTOR_BITS)) { /* * There is not enough unused space to fit to block align between BAT * and actual data. We can't avoid read-modify-write... -- cgit v1.2.3
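Review bot: in the second changed condition, `s->header_size >> BDRV_SECTOR_BITS` rounds down, so if `s->header_size` is not a multiple of the sector size, the check `s->data_end < (s->header_size >> BDRV_SECTOR_BITS)` treats a data_end that lands in the header's last partial sector as being past the header. Either compare against `DIV_ROUND_UP(s->header_size, BDRV_SECTOR_SIZE)` or add a comment stating that header_size is always sector-aligned at this point. In the first changed line, the new expression depends on `size`, which is assigned outside the visible context, whereas the removed line spelled out `bat_entry_off(s->bat_size)`; a short comment naming what `size` holds and that it is in bytes would keep the byte-to-sector conversion obvious to the next reader. Since `ph.data_off` is read from the image file and these lines show only a lower-bound comparison for `s->data_end`, it is also worth confirming that an upper bound against the file length is enforced elsewhere in parallels_open().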