qemu-io: Assert failure on the fuzzed qcow2 image
Bug #1354529 reported by
Maria Kustova
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| QEMU |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
'qemu-io -c write' failed on the fuzzed image with missed refcount tables:
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.cow in the same directory
3. Execute
qemu-io copy.img -c 'write 2856960 208896'
Result: qemu-io was killed by SIGIOT with the reason:
qemu-io: block/qcow2-
|| offset_
failed.
qemu.git HEAD 2d591ce2aeebf
Revision history for this message
| Maria Kustova (maria-k-o) wrote | #1 |
Revision history for this message
| Max Reitz (xanclic) wrote | #2 |
Revision history for this message
| Max Reitz (xanclic) wrote | #3 |
| Changed in qemu: | |
| status: | New → Fix Committed |
| Changed in qemu: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Hi,
The problem here is that an L2 table contains an offset which is not aligned on cluster boundaries. To turn the failed assertion into an EIO (and probably we also want to mark the image corrupt), we'd have to verify every single L2 entry when it is read.
We can (and should) most certainly do that, but as it doesn't seem too urgent, it may take some time.
Max