qemu-img: Fix segfault during rebase

This fixes a possible read beyond the end of the temporary buffers used for comparing data in the old and the new backing file. Signed-off-by: N Kevin Wolf <kwolf@redhat.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>

qemu-img: Fix segfault during rebase
This fixes a possible read beyond the end of the temporary buffers used for comparing data in the old and the new backing file. Signed-off-by: N Kevin Wolf <kwolf@redhat.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>
60b1bd4f · Kevin Wolf · Anthony Liguori · 4805bb66 · 60b1bd4f
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

qemu-img.c qemu-img.c +1 -1

未找到文件。
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1224,7 +1224,7 @@ static int img_rebase(int argc, char **argv)
                int pnum;

                if (compare_sectors(buf_old + written * 512,
-                    buf_new + written * 512, n, &pnum))
+                    buf_new + written * 512, n - written, &pnum))
                {
                    ret = bdrv_write(bs, sector + written,
                        buf_old + written * 512, pnum);