On 06.04.2016 at 17:14, Max Reitz wrote:
> We reject backing file names with a length of more than 1023 characters > when opening a qcow2 file, so we should not produce such files > ourselves. > > Cc: qemu-sta...@nongnu.org > Signed-off-by: Max Reitz <mre...@redhat.com> > --- > block/qcow2.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/block/qcow2.c b/block/qcow2.c > index 056525c..011a0ae 100644 > --- a/block/qcow2.c > +++ b/block/qcow2.c > @@ -1957,6 +1957,11 @@ int qcow2_update_header(BlockDriverState *bs) > if (s->image_backing_file) { > size_t backing_file_len = strlen(s->image_backing_file); > > + if (backing_file_len > 1023) { > + ret = -EINVAL; > + goto fail; > + } > + > if (buflen < backing_file_len) { > ret = -ENOSPC; > goto fail;
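Review bot: the literal 1023 in the added `if (backing_file_len > 1023)` check repeats the limit that, according to the commit message, is enforced when a qcow2 file is opened. A named constant used in both places, or at least a comment next to the new check pointing at the open-time limit, would keep the writer and the reader from drifting apart if one of them is changed later.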
We should probably already check this in qcow2_change_backing_file(), so that s->image_backing_file can never contain anything longer than that. If you like, you can keep an assertion here.

The advantage is that in qcow2_change_backing_file() we can fail the operation before all of the variables are updated and therefore become inconsistent with the on-disk state of the image.

Kevin
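The ordering argument in the reply above, as an added example that is not part of the original mail and not QEMU code: a toy model in which the same oversized rename is attempted with the length check only in the header writer and with the check done before any state is touched. `struct toy_image`, `BACKING_NAME_MAX` and the `toy_*` functions are hypothetical names; only the 1023 limit comes from the patch.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define BACKING_NAME_MAX 1023   /* limit from the patch; the macro name is hypothetical */

/* Hypothetical stand-in for the driver state, not QEMU's own structure. */
struct toy_image {
    const char *image_backing_file;      /* in-memory name (borrowed pointer) */
    char on_disk[BACKING_NAME_MAX + 1];  /* name as stored in the "header" */
};

/* Header writer with the same length check as the patch. */
static int toy_update_header(struct toy_image *img)
{
    size_t len = strlen(img->image_backing_file);
    if (len > BACKING_NAME_MAX) {
        return -EINVAL;
    }
    memcpy(img->on_disk, img->image_backing_file, len + 1);
    return 0;
}

/* early != 0: validate before touching state; early == 0: rely on the writer. */
static int toy_change_backing_file(struct toy_image *img, const char *name, int early)
{
    if (early && strlen(name) > BACKING_NAME_MAX) {
        return -EINVAL;              /* nothing has been modified yet */
    }
    img->image_backing_file = name;  /* in-memory state changes here */
    return toy_update_header(img);   /* with early set, the check inside cannot fire */
}

/* Renames to a constructed name of len bytes; returns 1 if memory and disk agree. */
static int toy_demo(int early, size_t len, int *ret)
{
    static char name[BACKING_NAME_MAX + 2];
    struct toy_image img = { "base.qcow2", "base.qcow2" };
    memset(name, 'a', len);
    name[len] = '\0';
    *ret = toy_change_backing_file(&img, name, early);
    return strcmp(img.image_backing_file, img.on_disk) == 0;
}

int main(void)
{
    int ret;
    printf("late:  consistent=%d\n", toy_demo(0, BACKING_NAME_MAX + 1, &ret));
    printf("early: consistent=%d\n", toy_demo(1, BACKING_NAME_MAX + 1, &ret));
    return 0;
}
```

Both variants return -EINVAL for a 1024-byte name, but only the early check leaves the in-memory name equal to the one stored in the header.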