motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-07 17:53:56 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

bochs: Fix catalog size check

Browse source 
The old check was off by a factor of 512 and didn't consider cases where
we don't get an exact division. This could lead to an out-of-bounds
array access in seek_to_sector().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Kevin Wolf 2014-04-09 12:10:34 +02:00
parent 28ec11bc88
commit 715c3f60ef
3 changed files with 20 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/qemu-iotests/078
View file

@ -69,10 +69,14 @@ _use_sample_img empty.bochs.bz2
poke_file "$TEST_IMG" "$disk_size_offset" "\x00\xc0\x0f\x00\x00\x00\x00\x7f"
{ $QEMU_IO -c "read 2T 4k" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
_use_sample_img empty.bochs.bz2
poke_file "$TEST_IMG" "$catalog_size_offset" "\x10\x00\x00\x00"
{ $QEMU_IO -c "read 0xfbe00 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
echo
echo "== Negative extent size =="
_use_sample_img empty.bochs.bz2
poke_file "$TEST_IMG" "$extent_size_offset" "\xff\xff\xff\xff"
poke_file "$TEST_IMG" "$extent_size_offset" "\x00\x00\x00\x80"
{ $QEMU_IO -c "read 768k 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
echo