author Kevin Wolf <kwolf@redhat.com> 2014-07-04 17:11:28 +0200
committer Kevin Wolf <kwolf@redhat.com> 2014-07-14 12:03:20 +0200
commit f06ee3d4aa547df8d7d2317b2b6db7a88c1f3744
tree d334ecfe630780d495e55443038ab140085373af /block/qed.h
parent 44deba5a52576508f27edadf953e435141e2a76a
qed: Make qiov match request size until backing file EOF

If a QED image has a shorter backing file and a read request to unallocated clusters goes across EOF of the backing file, the backing file sees a shortened request and the rest is filled with zeros. However, the original too long qiov was used with the shortened request.

This patch makes the qiov size match the request size, avoiding a potential buffer overflow in raw-posix.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

Diffstat (limited to 'block/qed.h')
-rw-r--r-- block/qed.h 1
1 files changed, 1 insertions, 0 deletions
diff --git a/block/qed.h b/block/qed.h
index b0247515da..2b0e724e05 100644
--- a/block/qed.h
+++ b/block/qed.h
@@ -142,6 +142,7 @@ typedef struct QEDAIOCB {
/* Current cluster scatter-gather list */
QEMUIOVector cur_qiov;
+ QEMUIOVector *backing_qiov;
uint64_t cur_pos; /* position on block device, in bytes */
uint64_t cur_cluster; /* cluster offset in image file */
unsigned int cur_nclusters; /* number of clusters being accessed */
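
Review bot: the new `QEMUIOVector *backing_qiov;` member of QEDAIOCB has no comment, while the fields around it (`cur_qiov`, `cur_pos`, `cur_cluster`, `cur_nclusters`) are all documented. Unlike the embedded `cur_qiov` just above it, this one is a pointer, so its ownership and lifetime cannot be read from the declaration. Please add a comment stating who allocates and frees it and when it is expected to be NULL (for example, set only while a backing-file read is in flight, if that is the intent). Because the commit message ties this field to avoiding an overflow, it is also worth confirming that every completion and error path clears the pointer so a stale qiov is never reused. That cannot be verified from the block/qed.h hunk alone.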