On 08/07/2017 05:30 PM, Eric Blake wrote:
vpc_open() was checking for bdrv_getlength() failure in one, but
not the other, location.
Reported-by: Markus Armbruster <arm...@redhat.com>
Signed-off-by: Eric Blake <ebl...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
block/vpc.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/block/vpc.c b/block/vpc.c
index 574879ba7c..468d10ec1c 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -219,6 +219,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options,
int flags,
uint64_t pagetable_size;
int disk_type = VHD_DYNAMIC;
int ret;
+ int64_t bs_size;
bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
false, errp);
@@ -411,7 +412,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options,
int flags,
}
}
- if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) {
+ bs_size = bdrv_getlength(bs->file->bs);
+ if (bs_size < 0) {
+ error_setg_errno(errp, -bs_size, "unable to learn image size");
+ ret = bs_size;
+ goto fail;
+ }
+ if (s->free_data_block_offset > bs_size) {
error_setg(errp, "block-vpc: free_data_block_offset points after "
"the end of file. The image has been
truncated.");
ret = -EINVAL;
