Comment 75 for bug 2059809

Dan Smith (danms) wrote : Re: Arbitrary file access through QCOW2 external data file

> Maybe a naive question, why not patching oslo.utils directly?

Glance does not currently use the oslo.utils stuff. Also, the projects that do still have to do a `qemu-img info` on the file and use the data within, so even if we added the new code into oslo.utils, the projects would have to change to call the extra check. Finally, having more things that have to be patched and released in sequence complicates the process of actually getting the vulnerability plugged. Peer to imageutils.py is exactly where I'd suggest we put it long-term, once we patch this vulnerability.

"The QcowInspector should check the reserved bits as well."

I think we need to be careful not to introduce any false positives either. This is clearly not a full implementation of a QCOW disk driver (and we've seen what happens with those). We're looking for evidence of (un)safety here before we open it with the actual full implementation. If we want to turn this into a more complete "disk inspection" implementation later then that's fine. However, I certainly don't want to introduce additional checks that end up with an operator having to decide between rejecting some valid disks and having the vulnerability plugged.

"The VMDKInspector has an incomplete check. In addition to the header at the beginning"

That may be, but currently the format inspector's support for VMDK only handles grabbing the virtual_size, which is what this stuff was designed to do in the first place. I assume that after this we're going to extend it with safety checks for all the other formats, but I think we should keep the scope of the changes to what we need for the issue at hand. Earlier you seemed to suspect that VMDK could be similarly vulnerable, but didn't have proof, right? I think we specifically need to know if the "info" operation with qemu-img is vulnerable with the other formats before we go down the path of addressing them in the context of this bug report.
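The kind of pre-`qemu-img` evidence check the comment above describes, written here as an added illustration; it is not Glance's, Nova's or oslo.utils' own format_inspector code, and the names `QcowHeader`, `inspect_qcow2` and `build_header` are mine. It assumes only the fixed qcow2 header layout from the qemu interop spec (magic, version, backing file offset, and for version 3 the incompatible-features word, in which bit 2 means "external data file"). In line with the false-positive concern, unknown incompatible bits are reported rather than treated as unsafe.

```python
import struct

QCOW_MAGIC = b"QFI\xfb"

# Incompatible feature bits from the qcow2 spec (qemu docs/interop/qcow2.txt):
# bit 0 dirty, bit 1 corrupt, bit 2 external data file,
# bit 3 compression type, bit 4 extended L2 entries.
INCOMPAT_EXTERNAL_DATA_FILE = 1 << 2
INCOMPAT_KNOWN_BITS = 0x1F

# Byte layout of the fixed header: the version-2 part is bytes 0..71,
# version 3 appends feature and flag fields up to byte 103.
_V2_FMT = ">4sIQIIQIIQQIIQ"
_V3_FMT = ">QQQII"
_V2_LEN = struct.calcsize(_V2_FMT)            # 72
_V3_LEN = _V2_LEN + struct.calcsize(_V3_FMT)  # 104


class QcowHeader:
    """Fixed part of a qcow2 header, parsed without following any table it points at."""

    def __init__(self, data: bytes):
        if len(data) < _V2_LEN:
            raise ValueError("too short to be a qcow2 header")
        (magic, self.version, self.backing_file_offset, self.backing_file_size,
         self.cluster_bits, self.size, self.crypt_method, self.l1_size,
         self.l1_table_offset, self.refcount_table_offset,
         self.refcount_table_clusters, self.nb_snapshots,
         self.snapshots_offset) = struct.unpack_from(_V2_FMT, data, 0)
        if magic != QCOW_MAGIC:
            raise ValueError("not a qcow2 image (bad magic)")
        if self.version not in (2, 3):
            raise ValueError("unsupported qcow2 version %d" % self.version)
        # Version 2 has no feature fields; treat them as all zero.
        self.incompatible_features = 0
        self.compatible_features = 0
        self.autoclear_features = 0
        if self.version == 3:
            if len(data) < _V3_LEN:
                raise ValueError("truncated qcow2 v3 header")
            (self.incompatible_features, self.compatible_features,
             self.autoclear_features, self.refcount_order,
             self.header_length) = struct.unpack_from(_V3_FMT, data, _V2_LEN)


def inspect_qcow2(data: bytes) -> dict:
    """Report the evidence of (un)safety an importer needs before handing the
    file to qemu-img: a backing file or an external data file reference makes
    qemu open a second path that is named by the image contents themselves."""
    hdr = QcowHeader(data)
    unknown_bits = hdr.incompatible_features & ~INCOMPAT_KNOWN_BITS
    report = {
        "virtual_size": hdr.size,
        "has_backing_file": hdr.backing_file_offset != 0,
        "has_external_data_file": bool(hdr.incompatible_features & INCOMPAT_EXTERNAL_DATA_FILE),
        # Reported, not rejected: an unknown bit is not proof of unsafety, and
        # refusing it would trade a valid-but-newer disk for a false positive.
        "unknown_incompatible_bits": unknown_bits,
    }
    report["safe"] = not (report["has_backing_file"] or report["has_external_data_file"])
    return report


def build_header(version=3, backing_file_offset=0, incompatible_features=0, size=1 << 30):
    """Constructed sample: just the fixed header of an otherwise empty image,
    which is all inspect_qcow2 reads."""
    v2 = struct.pack(_V2_FMT, QCOW_MAGIC, version, backing_file_offset,
                     16 if backing_file_offset else 0,   # backing_file_size
                     16, size, 0, 1, 0x10000, 0x20000, 1, 0, 0)
    if version == 2:
        return v2
    return v2 + struct.pack(_V3_FMT, incompatible_features, 0, 0, 4, _V3_LEN)


if __name__ == "__main__":
    samples = [
        ("plain", build_header()),
        ("backing file", build_header(backing_file_offset=_V3_LEN)),
        ("external data file", build_header(incompatible_features=INCOMPAT_EXTERNAL_DATA_FILE)),
        ("unknown feature bit", build_header(incompatible_features=1 << 20)),
    ]
    for label, hdr in samples:
        print(label, inspect_qcow2(hdr))
```

The check reads only the first 104 bytes, so it can run on the uploaded blob before anything that parses tables or follows offsets; the `virtual_size` field in the report is the one value the existing inspector was built to extract, and the two boolean flags are the evidence that should gate the `qemu-img info` call.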