On Mon, Aug 07, 2017 at 03:30:04PM -0500, Eric Blake wrote: > vpc_open() was checking for bdrv_getlength() failure in one, but > not the other, location. > > Reported-by: Markus Armbruster <arm...@redhat.com> > Signed-off-by: Eric Blake <ebl...@redhat.com> > --- > block/vpc.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/block/vpc.c b/block/vpc.c > index 574879ba7c..468d10ec1c 100644 > --- a/block/vpc.c > +++ b/block/vpc.c > @@ -219,6 +219,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, > int flags, > uint64_t pagetable_size; > int disk_type = VHD_DYNAMIC; > int ret; > + int64_t bs_size; > > bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file, > false, errp); > @@ -411,7 +412,13 @@ static int vpc_open(BlockDriverState *bs, QDict > *options, int flags, > } > } > > - if (s->free_data_block_offset > bdrv_getlength(bs->file->bs)) { > + bs_size = bdrv_getlength(bs->file->bs); > + if (bs_size < 0) { > + error_setg_errno(errp, -bs_size, "unable to learn image size"); > + ret = bs_size; > + goto fail; > + } > + if (s->free_data_block_offset > bs_size) { > error_setg(errp, "block-vpc: free_data_block_offset points after > " > "the end of file. The image has been > truncated."); > ret = -EINVAL; > -- > 2.13.4 > >
Reviewed-by: Jeff Cody <jc...@redhat.com>