From: Thomas Huth <[email protected]> The code in vpc.c uses BDRVVPCState->footer.type in various places to decide whether the image is a fixed-size (VHD_FIXED) or a dynamic (VHD_DYNAMIC) image. However, we never check that this field really contains VHD_FIXED if we detected a fixed size image in vpc_open(), so a wrong value here could cause quite some trouble during runtime.
Suggested-by: Kevin Wolf <[email protected]> Signed-off-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Signed-off-by: Hanna Reitz <[email protected]> --- block/vpc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/block/vpc.c b/block/vpc.c index 1b4c7333af..297a26262a 100644 --- a/block/vpc.c +++ b/block/vpc.c @@ -276,7 +276,8 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, if (ret < 0) { goto fail; } - if (strncmp(footer->creator, "conectix", 8)) { + if (strncmp(footer->creator, "conectix", 8) || + be32_to_cpu(footer->type) != VHD_FIXED) { error_setg(errp, "invalid VPC image"); ret = -EINVAL; goto fail; -- 2.31.1
