Comment 91 for bug 2059809

Dan Smith (#75): The virtual size also comes from the footer. https://gitlab.com/qemu-project/qemu/-/blob/76db0ea3bf40cfe5ae1cae3cea05ac9cacbf7c26/block/vmdk.c#L1018

Jeremy Stanley (#76): Debian 12 ships version 7.2 and this version does not exhibit this behavior. Rocky Linux 9 ships version 8.0. If I run qemu-img info directly then it does evaluate the driver graph. But if OpenStack runs the command, the (I guess) working path is prepended and qemu-img doesn't recognize the json protocol. I don't know what triggers this behavior and if there is a condition where this does not happen and becomes exploitable.