qemu-img: Assert for 'amend' command and the fuzzed image

Bug #1357440 reported by Maria Kustova
Affects: QEMU
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

'qemu-img amend' failed with the assert on the fuzzed image.

Sequence:
 1. Unpack the attached archive, make a copy of test.img
 2. Put copy.img and backing_img.vdi in the same directory
 3. Execute
   qemu-img amend -o compat=0.10 -f qcow2 copy.img

Result: qemu-img was killed by SIGIOT with the reason:

qemu-img: block/qcow2-cluster.c:1598: expand_zero_clusters_in_l1: Assertion `(cluster_index >= 0) && (cluster_index < *nb_clusters)' failed.

qemu.git HEAD 2d591ce2aeebf

Maria Kustova (maria-k-o) wrote :
Max Reitz (xanclic) wrote :

Hi,

This issue should be fixed by my "[PATCH v3 0/7] block/qcow2: Improve zero cluster expansion" series.

However, there are similar issues in qemu, so we'll probably need a function to quickly mark an image corrupt instead of throwing these assertions.

Max

Max Reitz (xanclic) wrote :

Hi,

This issue has been fixed in master (af3ff19b48f0bbf3a8bd35c47460358e8c6ae5e5, 2.2.0-rc2):

$ ./qemu-img amend -o compat=0.10 -f qcow2 copy.img
qemu-img: Error while amending options: File too large

Thanks for your report,

Max

Changed in qemu:
status: New → Fix Committed
Thomas Huth (th-huth)
Changed in qemu:
status: Fix Committed → Fix Released