| author | Denis Rastyogin <gerben@altlinux.org> | 2025-03-18 13:19:00 +0300 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2025-04-08 12:13:17 +0200 |
| commit | 6b36a578316e3b14a53ae7699571d01b00fc2f8a (patch) | |
| tree | 7d130841894c9e548cc2713d850f5d1f0e4f0559 | |
| parent | dfaecc04c46d298e9ee81bd0ca96d8754f1c27ed (diff) | |
| download | focaccia-qemu-6b36a578316e3b14a53ae7699571d01b00fc2f8a.tar.gz focaccia-qemu-6b36a578316e3b14a53ae7699571d01b00fc2f8a.zip | |
qemu-img: fix division by zero in bench_cb() for zero-sized images
This error was discovered by fuzzing qemu-img. This commit fixes a division by zero error in the bench_cb() function that occurs when using the bench command with a zero-sized image. The issue arises because b->image_size can be zero, leading to a division by zero in the modulo operation (b->offset %= b->image_size). This patch adds a check for b->image_size == 0 and resets b->offset to 0 in such cases, preventing the error.

Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Message-ID: <20250318101933.255617-1-gerben@altlinux.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| -rw-r--r-- | qemu-img.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/qemu-img.c b/qemu-img.c index 89c93c1eb5..2044c22a4c 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -4488,7 +4488,11 @@ static void bench_cb(void *opaque, int ret) */ b->in_flight++; b->offset += b->step; - b->offset %= b->image_size; + if (b->image_size == 0) { + b->offset = 0; + } else { + b->offset %= b->image_size; + } if (b->write) { acb = blk_aio_pwritev(b->blk, offset, b->qiov, 0, bench_cb, b); } else { |
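Review bot: the new `if (b->image_size == 0)` branch stops the SIGFPE, but the callback then falls straight through to the `if (b->write)` block and still queues `blk_aio_pwritev(b->blk, offset, b->qiov, ...)` (and, presumably, the read counterpart in the `else`) against an image the code has just established is zero bytes long, so the benchmark keeps submitting requests that cannot fit inside the image instead of stopping with one clear diagnostic. Consider validating the image size once, up front, in the bench command's setup before the first request is issued (rejecting an empty image, and arguably a request size larger than the image, with an explicit error), and keep this in-callback check only as a defensive fallback or drop it. Minor style point: the four-line if/else can be written as `b->offset = b->image_size ? b->offset % b->image_size : 0;` if a single line is preferred; the explicit form is acceptable as is.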