authorDenis Rastyogin <gerben@altlinux.org>2025-05-06 17:13:37 +0300
committerKevin Wolf <kwolf@redhat.com>2025-05-22 16:54:05 +0200
commitff2ab634e4bb3bddcf5f5ee29e0b46f71e3f4b54 (patch)
tree1ba05898a8990838f1c9f926ede7406afa95dd70
parent5562e214e82ae4bcb0b642cc52b304bdc78a58c3 (diff)
qemu-img: fix offset calculation in bench
This error was discovered by fuzzing qemu-img. The current offset calculation leads to an EIO error in block/block-backend.c: blk_check_byte_request(): if (offset > len || len - offset < bytes) { return -EIO; } This triggers the error message: "qemu-img: Failed request: Input/output error". Example of the issue: offset: 260076 len: 260096 bytes: 4096 This fix ensures that offset remains within a valid range. Signed-off-by: Denis Rastyogin <gerben@altlinux.org> Message-ID: <20250506141410.100119-1-gerben@altlinux.org> [kwolf: Fixed up integer overflow] Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-rw-r--r--qemu-img.c4
1 files changed, 2 insertions, 2 deletions
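--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4488,10 +4488,10 @@ static void bench_cb(void *opaque, int ret)
      */
     b->in_flight++;
     b->offset += b->step;
-    if (b->image_size == 0) {
+    if (b->image_size <= b->bufsize) {
         b->offset = 0;
     } else {
-        b->offset %= b->image_size;
+        b->offset %= b->image_size - b->bufsize;
     }
     if (b->write) {
         acb = blk_aio_pwritev(b->blk, offset, b->qiov, 0, bench_cb, b);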
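Review bot: The new modulus `b->image_size - b->bufsize` keeps every request inside the image, but it is generally not a multiple of `b->step` or `b->bufsize`, so once `b->offset` wraps the generated offsets are no longer aligned to the request size (with the description's numbers, 260096 bytes and a 4096-byte buffer, the wrap is modulo 256000); if the image was opened in a cache mode that requires aligned I/O this may turn a previously aligned workload into unaligned or bounce-buffered requests and skew what bench measures, so it is worth confirming whether the wrap should instead round down to a multiple of the step. The reason for subtracting `bufsize` is not visible in the code; a comment above the `if`, such as `/* Wrap so that the whole bufsize request still fits inside the image */`, would save the next reader a trip to this commit. As written the wrap also never issues a request starting exactly at `image_size - bufsize` (the last full block), which may or may not be intended. The enclosing loop and the local `offset` passed to `blk_aio_pwritev` begin outside the hunk.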