aboutsummaryrefslogtreecommitdiff
path: root/block/raw-posix.c
diff options
context:
space:
mode:
authorKevin Wolf <kwolf@redhat.com>2010-01-22 14:26:38 +0100
committerAnthony Liguori <aliguori@us.ibm.com>2010-01-26 16:41:07 -0600
commit053965c7ff5b260672719884e644ce4117d01995 (patch)
tree0796fd4464b02dadafc2a3ce0e21dcdb35172cf9 /block/raw-posix.c
parentf8a83245d9ec685bc6aa6173d6765fe03e20688f (diff)
downloadqemu-053965c7ff5b260672719884e644ce4117d01995.zip
qemu-053965c7ff5b260672719884e644ce4117d01995.tar.gz
qemu-053965c7ff5b260672719884e644ce4117d01995.tar.bz2
block/raw-posix: Abort on pread beyond end of non-growable file
This shouldn't happen under any normal circumstances. However, it looks like it's possible to achieve this with corrupted images. Without this patch raw_pread is hanging in an endless loop in such cases. The patch is not affecting growable files, for which such reads happen in normal use cases. raw_pread_aligned already handles these cases and won't return zero in the first place. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'block/raw-posix.c')
-rw-r--r--block/raw-posix.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/block/raw-posix.c b/block/raw-posix.c
index 96f2617..7ce72e9 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -391,8 +391,12 @@ static int raw_pread(BlockDriverState *bs, int64_t offset,
size = ALIGNED_BUFFER_SIZE;
ret = raw_pread_aligned(bs, offset, s->aligned_buf, size);
- if (ret < 0)
+ if (ret < 0) {
return ret;
+ } else if (ret == 0) {
+ fprintf(stderr, "raw_pread: read beyond end of file\n");
+ abort();
+ }
size = ret;
if (size > count)