qemu/block
Pierrick Bouvier 0cb3ff7c22 vvfat: fix ubsan issue in create_long_filename
Found with test sbsaref introduced in [1].

[1] https://patchew.org/QEMU/20241203213629.2482806-1-pierrick.bouvier@linaro.org/

../block/vvfat.c:433:24: runtime error: index 14 out of bounds for type 'uint8_t [11]'
    #0 0x56151a66b93a in create_long_filename ../block/vvfat.c:433
    #1 0x56151a66f3d7 in create_short_and_long_name ../block/vvfat.c:725
    #2 0x56151a670403 in read_directory ../block/vvfat.c:804
    #3 0x56151a674432 in init_directories ../block/vvfat.c:964
    #4 0x56151a67867b in vvfat_open ../block/vvfat.c:1258
    #5 0x56151a3b8e19 in bdrv_open_driver ../block.c:1660
    #6 0x56151a3bb666 in bdrv_open_common ../block.c:1985
    #7 0x56151a3cadb9 in bdrv_open_inherit ../block.c:4153
    #8 0x56151a3c8850 in bdrv_open_child_bs ../block.c:3731
    #9 0x56151a3ca832 in bdrv_open_inherit ../block.c:4098
    #10 0x56151a3cbe40 in bdrv_open ../block.c:4248
    #11 0x56151a46344f in blk_new_open ../block/block-backend.c:457
    #12 0x56151a388bd9 in blockdev_init ../blockdev.c:612
    #13 0x56151a38ab2d in drive_new ../blockdev.c:1006
    #14 0x5615190fca41 in drive_init_func ../system/vl.c:649
    #15 0x56151aa796dd in qemu_opts_foreach ../util/qemu-option.c:1135
    #16 0x5615190fd2b6 in configure_blockdev ../system/vl.c:708
    #17 0x56151910a307 in qemu_create_early_backends ../system/vl.c:2004
    #18 0x561519113fcf in qemu_init ../system/vl.c:3685
    #19 0x56151a7e438e in main ../system/main.c:47
    #20 0x7f72d1a46249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #21 0x7f72d1a46304 in __libc_start_main_impl ../csu/libc-start.c:360
    #22 0x561517e98510 in _start (/home/user/.work/qemu/build/qemu-system-aarch64+0x3b9b510)

The offset used can easily go beyond entry->name size. It's probably a
bug, but I don't have the time to dive into vfat specifics for now.

This change solves the ubsan issue, and is functionally equivalent, as
anything written past the entry->name array would not be read anyway.

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-12-28 14:42:52 +03:00
export include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
monitor include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
accounting.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
aio_task.c block: Remove unused aio_task_pool_empty 2024-09-30 10:53:18 +03:00
amend.c block: Mark BlockDriver callbacks for amend job GRAPH_RDLOCK 2023-05-10 14:16:54 +02:00
backup.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
blkdebug.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
blkio.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
blklogwrites.c block/blklogwrites: Protect mutable driver state with a mutex. 2024-01-26 11:16:58 +01:00
blkreplay.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
blkverify.c block: remove separate bdrv_file_open callback 2024-06-28 14:44:51 +02:00
block-backend.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
block-copy.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
block-gen.h block-coroutine-wrapper.py: support also basic return types 2022-12-15 16:07:43 +01:00
block-ram-registrar.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
bochs.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
cloop.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
commit.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
copy-before-write.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
copy-before-write.h backup: add minimum cluster size to performance options 2024-09-30 10:53:08 +03:00
copy-on-read.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
copy-on-read.h block: Mark bdrv_(un)freeze_backing_chain() and callers GRAPH_RDLOCK 2023-11-07 19:14:19 +01:00
coroutines.h include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
create.c include: Include missing 'qemu/clang-tsa.h' header 2024-12-20 17:44:57 +01:00
crypto.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
crypto.h block: Support detached LUKS header creation using qemu-img 2024-02-09 12:50:37 +00:00
curl.c block/curl: rewrite http header parsing function 2024-07-17 14:04:15 +03:00
dirty-bitmap.c block: Mark bdrv_*_dirty_bitmap() and callers GRAPH_RDLOCK 2023-02-23 19:49:32 +01:00
dmg-bz2.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
dmg-lzfse.c block/dmg: Ignore C99 prototype declaration mismatch from <lzfse.h> 2023-03-30 15:03:36 +02:00
dmg.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
dmg.h block/dmg: Declare a type definition for DMG uncompress function 2023-04-24 13:53:44 -04:00
file-posix.c block: fix -Werror=maybe-uninitialized false-positive 2024-10-02 16:14:29 +04:00
file-win32.c block: remove separate bdrv_file_open callback 2024-06-28 14:44:51 +02:00
filter-compress.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
gluster.c block/gluster: Use g_autofree for string in qemu_gluster_parse_json() 2024-10-22 17:52:49 +02:00
graph-lock.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
io.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
io_uring.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
iscsi-opts.c modules: add block module annotations 2021-07-09 18:20:27 +02:00
iscsi.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
linux-aio.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
meson.build include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
mirror.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
nbd.c block: remove separate bdrv_file_open callback 2024-06-28 14:44:51 +02:00
nfs.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
null.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
nvme.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
parallels-ext.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 2024-09-10 14:02:16 +02:00
parallels.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
parallels.h block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
preallocate.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
progress_meter.c coroutine: Clean up superfluous inclusion of qemu/lockable.h 2023-01-19 10:18:28 +01:00
qapi-system.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
qapi.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
qcow.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
qcow2-bitmap.c block/qcow2-bitmap: Replace g_memdup() by g_memdup2() 2024-05-08 19:11:34 +02:00
qcow2-cache.c qcow2: Mark qcow2_signal_corruption() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
qcow2-cluster.c qcow2: Take locks for accessing bs->file 2023-11-08 17:56:17 +01:00
qcow2-refcount.c qcow2: Mark qcow2_signal_corruption() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
qcow2-snapshot.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
qcow2-threads.c thread-pool: avoid passing the pool parameter every time 2023-04-25 13:17:28 +02:00
qcow2.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
qcow2.h qcow2: Take locks for accessing bs->file 2023-11-08 17:56:17 +01:00
qed-check.c qed: mark more functions as coroutine_fns and GRAPH_RDLOCK 2023-06-28 09:46:20 +02:00
qed-cluster.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-l2-cache.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qed-table.c block: use bdrv_co_debug_event in coroutine context 2023-06-28 09:46:34 +02:00
qed.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
qed.h block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
quorum.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 2024-09-10 14:02:16 +02:00
raw-format.c raw-format: Fix error message for invalid offset/size 2024-10-22 17:52:49 +02:00
rbd.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
replication.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
reqlist.c block/reqlist: allow adding overlapping requests 2024-09-30 10:53:18 +03:00
snapshot-access.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
snapshot.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
ssh.c ssh: Do not switch session to non-blocking mode 2024-11-25 11:03:42 +01:00
stream.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
throttle-groups.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
throttle.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
trace-events nbd/client: Accept 64-bit block status chunks 2023-10-05 11:02:08 -05:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vdi.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
vhdx-endian.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
vhdx-log.c vhdx: Take locks for accessing bs->file 2023-11-08 17:56:18 +01:00
vhdx.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
vhdx.h vhdx: Take locks for accessing bs->file 2023-11-08 17:56:18 +01:00
vmdk.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
vpc.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
vvfat.c vvfat: fix ubsan issue in create_long_filename 2024-12-28 14:42:52 +03:00
win32-aio.c aio: remove aio_disable_external() API 2023-05-30 17:37:26 +02:00
write-threshold.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00