motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-05 00:33:55 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

util/iov: make qemu_iovec_init_extended() honest

Browse source 
Actually, we can't extend the io vector in all cases. Handle possible
MAX_IOV and size_t overflows.

For now add assertion to callers (actually they rely on success anyway)
and fix them in the following patch.

Add also some additional good assertions to qemu_iovec_init_slice()
while being here.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201211183934.169161-3-vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
This commit is contained in:
Vladimir Sementsov-Ogievskiy 2020-12-11 21:39:20 +03:00 committed by Eric Blake
parent 69b55e03f7
commit 4c002cef0e
3 changed files with 31 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

10
block/io.c
View file

@ -1680,13 +1680,17 @@ static bool bdrv_pad_request(BlockDriverState *bs,
int64_t *offset, unsigned int *bytes,
BdrvRequestPadding *pad)
{
int ret;
if (!bdrv_init_padding(bs, *offset, *bytes, pad)) {
return false;
}
qemu_iovec_init_extended(&pad->local_qiov, pad->buf, pad->head,
*qiov, *qiov_offset, *bytes,
pad->buf + pad->buf_len - pad->tail, pad->tail);
ret = qemu_iovec_init_extended(&pad->local_qiov, pad->buf, pad->head,
*qiov, *qiov_offset, *bytes,
pad->buf + pad->buf_len - pad->tail,
pad->tail);
assert(ret == 0);
*bytes += pad->head + pad->tail;
*offset -= pad->head;
*qiov = &pad->local_qiov;