author: Denis Rastyogin <gerben@altlinux.org> 2025-05-06 17:13:37 +0300
committer: Kevin Wolf <kwolf@redhat.com> 2025-05-22 16:54:05 +0200
commit: ff2ab634e4bb3bddcf5f5ee29e0b46f71e3f4b54 (patch)
tree: 1ba05898a8990838f1c9f926ede7406afa95dd70 /hw/misc/aspeed_hace.c
parent: 5562e214e82ae4bcb0b642cc52b304bdc78a58c3 (diff)
qemu-img: fix offset calculation in bench
This error was discovered by fuzzing qemu-img.

The current offset calculation leads to an EIO error
in block/block-backend.c: blk_check_byte_request():

 if (offset > len || len - offset < bytes) {
     return -EIO;
 }

This triggers the error message:
"qemu-img: Failed request: Input/output error".

Example of the issue:
 offset: 260076
 len: 260096
 bytes: 4096

This fix ensures that offset remains within a valid range.

Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Message-ID: <20250506141410.100119-1-gerben@altlinux.org>
[kwolf: Fixed up integer overflow]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'hw/misc/aspeed_hace.c')
0 files changed, 0 insertions, 0 deletions
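The range check quoted in the commit message, run on the reported values, as an added example that is not part of the commit or of QEMU's code. The function names, the negative-value guard, the unsigned additive variant and `max_valid_offset()` are assumptions made for illustration; the additive variant shows why a bounds check is safer written as a subtraction.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Same condition as the snippet in the commit message. Negative inputs are
 * rejected first (assumption of this sketch) so len - offset cannot overflow. */
static int check_byte_request(int64_t offset, int64_t bytes, int64_t len)
{
    if (offset < 0 || bytes < 0 || len < 0) {
        return -EIO;
    }
    if (offset > len || len - offset < bytes) {
        return -EIO;
    }
    return 0;
}

/* Additive form for comparison (hypothetical, not from the page). Unsigned
 * types make the wrap-around defined: offset + bytes can wrap past zero and
 * then compare as "in range". */
static int check_additive(uint64_t offset, uint64_t bytes, uint64_t len)
{
    return (offset + bytes > len) ? -EIO : 0;
}

/* Largest offset at which a request of `bytes` still fits in `len`,
 * or -1 when no such offset exists. */
static int64_t max_valid_offset(int64_t bytes, int64_t len)
{
    if (bytes < 0 || len < bytes) {
        return -1;
    }
    return len - bytes;
}

int main(void)
{
    /* Values reported in the commit message: 260076 + 4096 exceeds 260096. */
    int64_t offset = 260076, len = 260096, bytes = 4096;

    printf("reported request: %d\n", check_byte_request(offset, bytes, len));
    printf("last valid offset: %lld\n", (long long)max_valid_offset(bytes, len));
    /* Constructed value near UINT64_MAX: the sum wraps and the check passes. */
    printf("additive check on wrapped sum: %d\n",
           check_additive(UINT64_MAX - 100, 4096, 260096));
    return 0;
}
```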