Documentation states:
"'offset' and 'size' represent an area which must lie entirely
within
the device or file." Enforce that the buffer lies fully within it.
---
src/qemu/qemu_driver.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3109f8a17..bddba6b71 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -11416,6 +11416,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
virDomainDiskDefPtr disk = NULL;
virDomainObjPtr vm;
char *tmpbuf = NULL;
+ ssize_t nread;
int ret = -1;
virCheckFlags(0, -1);
@@ -11442,9 +11443,16 @@ qemuDomainBlockPeek(virDomainPtr dom,
if (qemuDomainStorageFileInit(driver, vm, disk->src) < 0)
goto cleanup;
- if (virStorageFileRead(disk->src, offset, size, &tmpbuf) < 0)
+ if ((nread = virStorageFileRead(disk->src, offset, size, &tmpbuf)) < 0)
goto cleanup;
+ if (nread < size) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("'%s' starting from %llu has only %zd bytes
available"),
+ path, offset, nread);
+ goto cleanup;
+ }
+
memcpy(buffer, tmpbuf, size);
ret = 0;
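Review bot: The short-read test `if (nread < size)` compares the signed `nread` with `size`, which its use as the `memcpy` length suggests is `size_t`; the comparison is sound only because the preceding `< 0` test already rejected negative values, and `-Wsign-compare` will still warn on it. Making that dependency explicit, `if ((size_t)nread < size) {`, documents why the mixed-sign compare is safe — confirm the type of `size` against the signature, which lies outside the hunk. A one-line comment above the check, `/* API contract: offset..offset+size must lie within the file, so a short read is an error, not EOF */`, would tie the rejection to the documented rule the commit cites, and makes clear that the check also keeps the following `memcpy` from reading past the bytes `virStorageFileRead` actually filled in `tmpbuf`. The cleanup label and the release of `tmpbuf` are outside the hunk, so it is worth verifying that the new `goto cleanup` path frees it like the existing one.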
--
2.14.1