author | Kevin Wolf <kwolf@redhat.com> | 2010-01-22 14:26:38 +0100 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2010-01-26 16:41:07 -0600 |
commit | 053965c7ff5b260672719884e644ce4117d01995 (patch) | |
tree | 0796fd4464b02dadafc2a3ce0e21dcdb35172cf9 | |
parent | f8a83245d9ec685bc6aa6173d6765fe03e20688f (diff) | |
block/raw-posix: Abort on pread beyond end of non-growable file

This shouldn't happen under any normal circumstances. However, it looks like
it's possible to achieve this with corrupted images. Without this patch
raw_pread is hanging in an endless loop in such cases.

The patch is not affecting growable files, for which such reads happen in
normal use cases. raw_pread_aligned already handles these cases and won't
return zero in the first place.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r-- | block/raw-posix.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/block/raw-posix.c b/block/raw-posix.c index 96f26173ef..7ce72e9e4e 100644 --- a/block/raw-posix.c +++ b/block/raw-posix.c @@ -391,8 +391,12 @@ static int raw_pread(BlockDriverState *bs, int64_t offset, size = ALIGNED_BUFFER_SIZE; ret = raw_pread_aligned(bs, offset, s->aligned_buf, size); - if (ret < 0) + if (ret < 0) { return ret; + } else if (ret == 0) { + fprintf(stderr, "raw_pread: read beyond end of file\n"); + abort(); + } size = ret; if (size > count) |
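Review bot: The new `else if (ret == 0)` branch in raw_pread calls abort() for a condition the commit message says can be reached with a corrupted image, so a malformed image file ends the whole process instead of failing one read. raw_pread already propagates negative values through `return ret;` in the branch directly above, so returning an error code such as -EIO here would break the endless loop just as well and leave the decision to the caller. Two smaller points: the check carries no comment explaining that the growable case never reaches it because raw_pread_aligned does not return zero there, which makes the branch fragile if that helper changes, and the message printed to stderr would be more useful for diagnosing a bad image if it included `offset` and `count`.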