[PULL 55/69] qcow2: Keep track of the snapshot table length
From: Max Reitz
Subject: [PULL 55/69] qcow2: Keep track of the snapshot table length
Date: Mon, 28 Oct 2019 13:14:47 +0100
When repairing the snapshot table, we truncate entries that have too
much extra data. This frees up space that we do not have to count
towards the snapshot table size.
Signed-off-by: Max Reitz <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-id: address@hidden
Signed-off-by: Max Reitz <address@hidden>
---
block/qcow2-snapshot.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index 53dc1635ec..582eb3386a 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -68,6 +68,7 @@ static int qcow2_do_read_snapshots(BlockDriverState *bs, bool
repair,
QCowSnapshot *sn;
int i, id_str_size, name_size;
int64_t offset;
+ uint64_t table_length = 0;
int ret;
if (!s->nb_snapshots) {
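Review bot: The new table_length declaration has no comment saying how it differs from offset, which is declared on the line above it and also tracks a position in the snapshot table. A one-line comment that table_length counts the table's size after any truncation of extra data, while offset tracks the bytes actually read from the file, would make the later comparison between the two easier to follow.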
@@ -82,6 +83,8 @@ static int qcow2_do_read_snapshots(BlockDriverState *bs, bool
repair,
for(i = 0; i < s->nb_snapshots; i++) {
bool truncate_unknown_extra_data = false;
+ table_length = ROUND_UP(table_length, 8);
+
/* Read statically sized part of the snapshot header */
offset = ROUND_UP(offset, 8);
ret = bdrv_pread(bs->file, offset, &h, sizeof(h));
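Review bot: The ROUND_UP(table_length, 8) at the top of the loop body repeats by hand the alignment applied to offset three lines below, and nothing ties the two together, so a later change to entry alignment could update one and miss the other. A short comment stating that table_length must be padded exactly as offset is (padding before each entry, none after the last one) would make that dependency explicit.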
@@ -184,7 +187,16 @@ static int qcow2_do_read_snapshots(BlockDriverState *bs,
bool repair,
offset += name_size;
sn->name[name_size] = '\0';
- if (offset - s->snapshots_offset > QCOW_MAX_SNAPSHOTS_SIZE) {
+ /* Note that the extra data may have been truncated */
+ table_length += sizeof(h) + sn->extra_data_size + id_str_size +
+ name_size;
+ if (!repair) {
+ assert(table_length == offset - s->snapshots_offset);
+ }
+
+ if (table_length > QCOW_MAX_SNAPSHOTS_SIZE ||
+ offset - s->snapshots_offset > INT_MAX)
+ {
ret = -EFBIG;
error_setg(errp, "Snapshot table is too big");
goto fail;
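Review bot: The second half of the new size check, offset - s->snapshots_offset > INT_MAX, introduces a limit that neither the code comment nor the commit message explains; the message only covers why truncated extra data should not count towards QCOW_MAX_SNAPSHOTS_SIZE. Please add a comment saying why the on-disk span is bounded by INT_MAX. Separately, the assert under if (!repair) is evaluated on sizes taken from the image being read, so it is worth confirming that no non-repair path can leave sn->extra_data_size different from the number of bytes offset was advanced by, since a mismatch there would abort rather than reach the -EFBIG error path.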
--
2.21.0