diff options
| author | Kevin Wolf <kwolf@redhat.com> | 2010-02-17 12:32:59 +0100 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2010-02-19 15:53:54 -0600 |
| commit | 60b1bd4fc5b2f5046b7b64fa5ce9c2930d482eac (patch) | |
| tree | 35787b457af94a947b4f37f71d8c2fcc32b5b0df | |
| parent | 4805bb66969622f86376191c94c4748bce91e6be (diff) | |
| download | focaccia-qemu-60b1bd4fc5b2f5046b7b64fa5ce9c2930d482eac.tar.gz focaccia-qemu-60b1bd4fc5b2f5046b7b64fa5ce9c2930d482eac.zip | |
qemu-img: Fix segfault during rebase
This fixes a possible read beyond the end of the temporary buffers used for comparing data in the old and the new backing file. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
| -rw-r--r-- | qemu-img.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/qemu-img.c b/qemu-img.c index 0db8d4f194..0465e4a3a8 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -1224,7 +1224,7 @@ static int img_rebase(int argc, char **argv) int pnum; if (compare_sectors(buf_old + written * 512, - buf_new + written * 512, n, &pnum)) + buf_new + written * 512, n - written, &pnum)) { ret = bdrv_write(bs, sector + written, buf_old + written * 512, pnum); |