From: Kevin Wolf Date: Wed, 17 Feb 2010 11:32:59 +0000 (+0100) Subject: qemu-img: Fix segfault during rebase X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=60b1bd4fc5b2f5046b7b64fa5ce9c2930d482eac;p=qemu.git qemu-img: Fix segfault during rebase This fixes a possible read beyond the end of the temporary buffers used for comparing data in the old and the new backing file. Signed-off-by: Kevin Wolf Signed-off-by: Anthony Liguori --- diff --git a/qemu-img.c b/qemu-img.c index 0db8d4f194..0465e4a3a8 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -1224,7 +1224,7 @@ static int img_rebase(int argc, char **argv) int pnum; if (compare_sectors(buf_old + written * 512, - buf_new + written * 512, n, &pnum)) + buf_new + written * 512, n - written, &pnum)) { ret = bdrv_write(bs, sector + written, buf_old + written * 512, pnum);
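Review bot: In the changed compare_sectors() call, the new count `n - written` is only safe if `written` never exceeds `n`, and the loop condition that guarantees this is outside the visible context. Please confirm that invariant, or assert it next to the call, since a negative or oversized count would bring back the read past the end of buf_old and buf_new. The same applies to the following bdrv_write(), whose length `pnum` is now bounded only through that count. The offset `written * 512` appears three times in these lines with a literal sector size. Computing it once into a local, or using a named sector-size constant, would keep the pointer offsets and the remaining count in step. The commit message could also state the cause directly (the compare length was not reduced by the sectors already processed), which would help anyone backporting the fix.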