From 350da942872049d732b6310b56ae9e9f507c85e9 Mon Sep 17 00:00:00 2001 From: Kevin Wolf <kwolf@redhat.com> Date: Tue, 23 Feb 2010 09:48:00 -0300 Subject: [PATCH] qemu-img: Fix segfault during rebase RH-Author: Kevin Wolf <kwolf@redhat.com> Message-id: <1266918480-7652-1-git-send-email-kwolf@redhat.com> Patchwork-id: 7227 O-Subject: [RHEL-5.5 KVM PATCH] qemu-img: Fix segfault during rebase Bugzilla: 563141 RH-Acked-by: Juan Quintela <quintela@redhat.com> RH-Acked-by: Amit Shah <amit.shah@redhat.com> RH-Acked-by: Christoph Hellwig <chellwig@redhat.com> RH-Acked-by: Gleb Natapov <gleb@redhat.com> Bugzilla: 563141 Upstream commit: 60b1bd4fc5b2f5046b7b64fa5ce9c2930d482eac This fixes a possible read beyond the end of the temporary buffers used for comparing data in the old and the new backing file. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> --- qemu/qemu-img.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Signed-off-by: Glauber Costa <glommer@redhat.com> --- qemu/qemu-img.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/qemu/qemu-img.c b/qemu/qemu-img.c index d657f5d..6c2685a 100644 --- a/qemu/qemu-img.c +++ b/qemu/qemu-img.c @@ -1128,7 +1128,7 @@ static int img_rebase(int argc, char **argv) int pnum; if (compare_sectors(buf_old + written * 512, - buf_new + written * 512, n, &pnum)) + buf_new + written * 512, n - written, &pnum)) { ret = bdrv_write(bs, sector + written, buf_old + written * 512, pnum); -- 1.6.6