From: Eyal Moscovici Date: Wed, 13 May 2020 13:36:27 +0000 (+0300) Subject: qemu-img: validate image length in img_map X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=8f282e83edd3d1b4ea6e9258f5a4081b490c33cc;p=qemu.git qemu-img: validate image length in img_map The code handles this case correctly: we merely skip the loop. However it is probably best to return an explicit error. Reviewed-by: Eric Blake Acked-by: Mark Kanda Signed-off-by: Eyal Moscovici Message-Id: <20200513133629.18508-3-eyal.moscovici@oracle.com> [eblake: commit message tweak] Signed-off-by: Eric Blake --- diff --git a/qemu-img.c b/qemu-img.c index 5d824fc15f..c88f412333 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -3092,6 +3092,11 @@ static int img_map(int argc, char **argv) } length = blk_getlength(blk); + if (length < 0) { + error_report("Failed to get size for '%s'", filename); + return 1; + } + while (curr.start + curr.length < length) { int64_t offset = curr.start + curr.length; int64_t n;