motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-02 23:33:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

qemu-img: fix division by zero in bench_cb() for zero-sized images

Browse source 
This error was discovered by fuzzing qemu-img.

This commit fixes a division by zero error in the bench_cb() function
that occurs when using the bench command with a zero-sized image.

The issue arises because b->image_size can be zero, leading to a
division by zero in the modulo operation (b->offset %= b->image_size).
This patch adds a check for b->image_size == 0 and resets b->offset
to 0 in such cases, preventing the error.

Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Message-ID: <20250318101933.255617-1-gerben@altlinux.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
Denis Rastyogin 2025-03-18 13:19:00 +03:00 committed by Kevin Wolf
parent dfaecc04c4
commit 6b36a57831
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
qemu-img.c
View file

@ -4488,7 +4488,11 @@ static void bench_cb(void *opaque, int ret)
*/
b->in_flight++;
b->offset += b->step;
b->offset %= b->image_size;
if (b->image_size == 0) {
b->offset = 0;
} else {
b->offset %= b->image_size;
}
if (b->write) {
acb = blk_aio_pwritev(b->blk, offset, b->qiov, 0, bench_cb, b);
} else {