authorKevin Wolf <kwolf@redhat.com>2010-02-17 12:32:59 +0100
committerAnthony Liguori <aliguori@us.ibm.com>2010-02-19 15:53:54 -0600
commit60b1bd4fc5b2f5046b7b64fa5ce9c2930d482eac (patch)
tree35787b457af94a947b4f37f71d8c2fcc32b5b0df /qemu-img.c
parent4805bb66969622f86376191c94c4748bce91e6be (diff)
qemu-img: Fix segfault during rebase
This fixes a possible read beyond the end of the temporary buffers used for comparing data in the old and the new backing file. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'qemu-img.c')
-rw-r--r--qemu-img.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/qemu-img.c b/qemu-img.c
index 0db8d4f..0465e4a 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1224,7 +1224,7 @@ static int img_rebase(int argc, char **argv)
int pnum;
if (compare_sectors(buf_old + written * 512,
- buf_new + written * 512, n, &pnum))
+ buf_new + written * 512, n - written, &pnum))
{
ret = bdrv_write(bs, sector + written,
buf_old + written * 512, pnum);
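Review bot: The corrected `compare_sectors(...)` call carries no comment saying that its third argument must be the number of sectors still readable past the offset pointers, which is the confusion that produced the out-of-bounds read this commit fixes. I would add `/* n - written: sectors left in buf_old/buf_new from this offset, not the chunk size */` directly above the call. The loop that advances `written` lies outside the hunk, so it is not visible here whether `written < n` is guaranteed at this point. If it is not, `n - written` could reach zero or go negative, and an `assert(written < n);` before the comparison would make the bound explicit. The literal `512` also appears three times in these lines as the sector size; a single named constant would keep the pointer offsets and the sector counts from drifting apart.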