From: Eyal Moscovici <eyal.moscovici@oracle.com>
Date: Wed, 13 May 2020 13:36:27 +0000 (+0300)
Subject: qemu-img: validate image length in img_map
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=8f282e83edd3d1b4ea6e9258f5a4081b490c33cc;p=qemu.git

qemu-img: validate image length in img_map

The code handles this case correctly: we merely skip the loop. However it
is probably best to return an explicit error.

Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Mark Kanda <mark.kanda@oracle.com>
Signed-off-by: Eyal Moscovici <eyal.moscovici@oracle.com>
Message-Id: <20200513133629.18508-3-eyal.moscovici@oracle.com>
[eblake: commit message tweak]
Signed-off-by: Eric Blake <eblake@redhat.com>
---

diff --git a/qemu-img.c b/qemu-img.c
index 5d824fc15f..c88f412333 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3092,6 +3092,11 @@ static int img_map(int argc, char **argv)
     }
 
     length = blk_getlength(blk);
+    if (length < 0) {
+        error_report("Failed to get size for '%s'", filename);
+        return 1;
+    }
+
     while (curr.start + curr.length < length) {
         int64_t offset = curr.start + curr.length;
         int64_t n;