[Qemu-devel] [PATCH 104/156] dmg: drop broken bdrv

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 104/156] dmg: drop broken bdrv_pread() loop

From:	Michael Roth
Subject:	[Qemu-devel] [PATCH 104/156] dmg: drop broken bdrv_pread() loop
Date:	Tue, 8 Jul 2014 12:18:15 -0500

From: Stefan Hajnoczi <address@hidden>

It is not necessary to check errno for EINTR and the block layer does
not produce short reads.  Therefore we can drop the loop that attempts
to read a compressed chunk.

The loop is buggy because it incorrectly adds the transferred bytes
twice:

  do {
      ret = bdrv_pread(...);
      i += ret;
  } while (ret >= 0 && ret + i < s->lengths[chunk]);

Luckily we can drop the loop completely and perform a single
bdrv_pread().

Signed-off-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Max Reitz <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit b404bf854217dbe8a5649449eb3ad33777f7d900)
Signed-off-by: Michael Roth <address@hidden>
---
 block/dmg.c | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/block/dmg.c b/block/dmg.c
index f4f3e8e..1cc5426 100644
--- a/block/dmg.c
+++ b/block/dmg.c
@@ -298,21 +298,10 @@ static inline int dmg_read_chunk(BlockDriverState *bs, 
int sector_num)
         s->current_chunk = s->n_chunks;
         switch (s->types[chunk]) {
         case 0x80000005: { /* zlib compressed */
-            int i;
-
             /* we need to buffer, because only the chunk as whole can be
              * inflated. */
-            i = 0;
-            do {
-                ret = bdrv_pread(bs->file, s->offsets[chunk] + i,
-                                 s->compressed_chunk + i,
-                                 s->lengths[chunk] - i);
-                if (ret < 0 && errno == EINTR) {
-                    ret = 0;
-                }
-                i += ret;
-            } while (ret >= 0 && ret + i < s->lengths[chunk]);
-
+            ret = bdrv_pread(bs->file, s->offsets[chunk],
+                             s->compressed_chunk, s->lengths[chunk]);
             if (ret != s->lengths[chunk]) {
                 return -1;
             }
-- 
1.9.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 085/156] vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148), (continued)
- [Qemu-devel] [PATCH 085/156] vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 088/156] qcow2: Check backing_file_offset (CVE-2014-0144), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 087/156] qcow2: Check header_length (CVE-2014-0144), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 089/156] qcow2: Check refcount table size (CVE-2014-0144), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 094/156] qcow2: fix offset overflow in qcow2_alloc_clusters_at(), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 091/156] qcow2: Validate snapshot table offset/size (CVE-2014-0144), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 093/156] qcow2: Fix backing file name length check, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 097/156] qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 099/156] qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 098/156] qcow2: Check new refcount table size on growth, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 104/156] dmg: drop broken bdrv_pread() loop, Michael Roth <=
- [Qemu-devel] [PATCH 105/156] dmg: use appropriate types when reading chunks, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 107/156] dmg: use uint64_t consistently for sectors and lengths, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 110/156] qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 124/156] blockdev: Plug memory leak in blockdev_init(), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 122/156] target-xtensa: fix cross-page jumps/calls at the end of TB, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 123/156] cputlb: Fix regression with TCG interpreter (bug 1310324), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 126/156] block/qapi: Plug memory leak in dump_qobject() case QTYPE_QERROR, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 129/156] block/sheepdog: Plug memory leak in sd_snapshot_create(), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 127/156] block/vvfat: Plug memory leak in check_directory_consistency(), Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 125/156] blockdev: Plug memory leak in drive_init(), Michael Roth, 2014/07/08

Prev by Date: [Qemu-devel] [PATCH 098/156] qcow2: Check new refcount table size on growth
Next by Date: [Qemu-devel] [PATCH 105/156] dmg: use appropriate types when reading chunks
Previous by thread: [Qemu-devel] [PATCH 098/156] qcow2: Check new refcount table size on growth
Next by thread: [Qemu-devel] [PATCH 105/156] dmg: use appropriate types when reading chunks
Index(es):
- Date
- Thread