diff options
-rw-r--r-- | block/vpc.c | 18 | ||||
-rw-r--r-- | tcg/tcg.c | 4 | ||||
-rwxr-xr-x | tests/qemu-iotests/135 | 54 | ||||
-rw-r--r-- | tests/qemu-iotests/135.out | 5 | ||||
-rw-r--r-- | tests/qemu-iotests/group | 1 | ||||
-rw-r--r-- | tests/qemu-iotests/sample_images/afl5.img.bz2 | bin | 0 -> 175 bytes |
6 files changed, 78 insertions, 4 deletions
diff --git a/block/vpc.c b/block/vpc.c index 37572ba..3e385d9 100644 --- a/block/vpc.c +++ b/block/vpc.c @@ -168,6 +168,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, uint8_t buf[HEADER_SIZE]; uint32_t checksum; uint64_t computed_size; + uint64_t pagetable_size; int disk_type = VHD_DYNAMIC; int ret; @@ -269,7 +270,17 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } - s->pagetable = qemu_try_blockalign(bs->file, s->max_table_entries * 4); + if (s->max_table_entries > SIZE_MAX / 4 || + s->max_table_entries > (int) INT_MAX / 4) { + error_setg(errp, "Max Table Entries too large (%" PRId32 ")", + s->max_table_entries); + ret = -EINVAL; + goto fail; + } + + pagetable_size = (uint64_t) s->max_table_entries * 4; + + s->pagetable = qemu_try_blockalign(bs->file, pagetable_size); if (s->pagetable == NULL) { ret = -ENOMEM; goto fail; @@ -277,14 +288,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, s->bat_offset = be64_to_cpu(dyndisk_header->table_offset); - ret = bdrv_pread(bs->file, s->bat_offset, s->pagetable, - s->max_table_entries * 4); + ret = bdrv_pread(bs->file, s->bat_offset, s->pagetable, pagetable_size); if (ret < 0) { goto fail; } s->free_data_block_offset = - (s->bat_offset + (s->max_table_entries * 4) + 511) & ~511; + ROUND_UP(s->bat_offset + pagetable_size, 512); for (i = 0; i < s->max_table_entries; i++) { be32_to_cpus(&s->pagetable[i]); @@ -1894,6 +1894,7 @@ static void tcg_reg_alloc_mov(TCGContext *s, const TCGOpDef *def, ts->mem_coherent = 1; } else if (ts->val_type == TEMP_VAL_CONST) { tcg_out_movi(s, itype, ts->reg, ts->val); + ts->mem_coherent = 0; } s->reg_to_temp[ts->reg] = args[1]; ts->val_type = TEMP_VAL_REG; @@ -1920,6 +1921,9 @@ static void tcg_reg_alloc_mov(TCGContext *s, const TCGOpDef *def, } ots->val_type = TEMP_VAL_CONST; ots->val = ts->val; + if (IS_DEAD_ARG(1)) { + temp_dead(s, args[1]); + } } else { /* The code in the first if block should have moved the temp to a register. */ diff --git a/tests/qemu-iotests/135 b/tests/qemu-iotests/135 new file mode 100755 index 0000000..16bf736 --- /dev/null +++ b/tests/qemu-iotests/135 @@ -0,0 +1,54 @@ +#!/bin/bash +# +# Test VPC open of image with large Max Table Entries value. +# +# Copyright (C) 2015 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# creator +owner=jcody@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt vpc +_supported_proto generic +_supported_os Linux + +_use_sample_img afl5.img.bz2 + +echo +echo "=== Verify image open and failure ====" +$QEMU_IMG info "$TEST_IMG" 2>&1| _filter_testdir + +# success, all done +echo "*** done" +rm -f $seq.full +status=0 diff --git a/tests/qemu-iotests/135.out b/tests/qemu-iotests/135.out new file mode 100644 index 0000000..793898b --- /dev/null +++ b/tests/qemu-iotests/135.out @@ -0,0 +1,5 @@ +QA output created by 135 + +=== Verify image open and failure ==== +qemu-img: Could not open 'TEST_DIR/afl5.img': Max Table Entries too large (1073741825) +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 6206765..c430b6c 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -133,3 +133,4 @@ 131 rw auto quick 132 rw auto quick 134 rw auto quick +135 rw auto diff --git a/tests/qemu-iotests/sample_images/afl5.img.bz2 b/tests/qemu-iotests/sample_images/afl5.img.bz2 Binary files differnew file mode 100644 index 0000000..1614348 --- /dev/null +++ b/tests/qemu-iotests/sample_images/afl5.img.bz2 |