vmdk: Check descriptor file length when reading it

Since a too small file cannot be a valid VMDK image, and also since the buffer's first 4 bytes will be unconditionally examined by vmdk_open_sparse, let's error out the small file case to be clear. Signed-off-by: Fam Zheng <[email protected]> Reviewed-by: Max Reitz <[email protected]> Reviewed-by: Markus Armbruster <[email protected]> Reviewed-by: Don Koch <[email protected]> Message-id: [email protected] Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Kevin Wolf <[email protected]>
fatenever · Dec 10, 2014 · 03c3359 · 03c3359
1 parent 73b7bca
commit 03c3359
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/block/vmdk.c b/block/vmdk.c
@@ -557,6 +557,14 @@ static char *vmdk_read_desc(BlockDriverState *file, uint64_t desc_offset,
         return NULL;
     }
 
+    if (size < 4) {
+        /* Both descriptor file and sparse image must be much larger than 4
+         * bytes, also callers of vmdk_read_desc want to compare the first 4
+         * bytes with VMDK4_MAGIC, let's error out if less is read. */
+        error_setg(errp, "File is too small, not a valid image");
+        return NULL;
+    }
+
     size = MIN(size, (1 << 20) - 1);  /* avoid unbounded allocation */
     buf = g_malloc(size + 1);