storagefile: Fix backing format \0 check

From qemu.git docs/interop/qcow2.txt == String header extensions == Some header extensions (such as the backing file format name and the external data file name) are just a single string. In this case, the header extension length is the string length and the string is not '\0' terminated. (The header extension padding can make it look like a string is '\0' terminated, but neither is padding always necessary nor is there a guarantee that zero bytes are used for padding.) So we shouldn't be checking for a \0 byte at the end of the backing format section. I think in practice there always is a \0 but we shouldn't depend on that. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-04 19:41:36 -04:00 · 2019-10-04 19:41:36 -04:00 · 9f0d364755
parent c87784be89
commit 9f0d364755
1 changed files with 12 additions and 6 deletions
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@ -503,15 +503,21 @@ qcow2GetExtensions(const char *buf,
            break;

        switch (magic) {
-        case QCOW2_HDR_EXTENSION_END:
-            goto done;
+        case QCOW2_HDR_EXTENSION_BACKING_FORMAT: {
+            VIR_AUTOFREE(char *) tmp = NULL;
+            if (VIR_ALLOC_N(tmp, len + 1) < 0)
+                return -1;
+            memcpy(tmp, buf + offset, len);
+            tmp[len] = '\0';

-        case QCOW2_HDR_EXTENSION_BACKING_FORMAT:
-            if (buf[offset+len] != '\0')
-                break;
-            *backingFormat = virStorageFileFormatTypeFromString(buf+offset);
+            *backingFormat = virStorageFileFormatTypeFromString(tmp);
            if (*backingFormat <= VIR_STORAGE_FILE_NONE)
                return -1;
+            break;
+        }
+
+        case QCOW2_HDR_EXTENSION_END:
+            goto done;
        }

        offset += len;