Bug 251330
Summary: | [XEN] qcow-create doesn't work | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Zhao Yunfeng <yunfeng.zhao> | ||||
Component: | xen | Assignee: | Xen Maintainance List <xen-maint> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 5.1 | CC: | sputhenp, tao, yongkang.you | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-03-25 20:55:57 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Zhao Yunfeng
2007-08-08 13:14:30 UTC
Upstream bug opened: http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1077 The code in question does: block-qcow.c ... 1215 int qcow_create(const char *filename, uint64_t total_size, 1216 const char *backing_file, int sparse) 1217 { 1218 int fd, header_size, backing_filename_len, l1_size, i; 1219 int shift, length, adjust, flags = 0, ret = 0; 1220 QCowHeader header; 1221 QCowHeader_ext exthdr; 1222 char backing_filename[1024], *ptr; 1223 uint64_t tmp, size, total_length; 1224 struct stat st; 1225 1226 DPRINTF("Qcow_create: size %llu\n",(long long unsigned)total_size); ... 1254 } else { 1255 realpath(backing_file, backing_filename); 1256 if (stat(backing_filename, &st) != 0) { 1257 return -1; 1258 } ... On line 1255 glibc can check for backing_filename size which is 1024, see: 25 char * 26 __realpath_chk (const char *buf, char *resolved, size_t resolvedlen) 27 { 28 #ifdef PATH_MAX 29 if (resolvedlen < PATH_MAX) 30 __chk_fail (); 31 32 return __realpath (buf, resolved); 33 #else 34 long int pathmax =__pathconf (buf, _PC_PATH_MAX); 35 if (pathmax != -1) ... If the buffer size is less than PATH_MAX it will print the 'buffer overflow' message and exit with backtrace. The fix is just change block-qcow.c:1222 - char backing_filename[1024], *ptr; + char backing_filename[PATH_MAX], *ptr; which is correct according with realpath(3). -Flavio Created attachment 216381 [details]
Patch to fix realpath buffer size
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. This request was previously evaluated by Red Hat Product Management for inclusion in the current Red Hat Enterprise Linux release, but Red Hat was unable to resolve it in time. This request will be reviewed for a future Red Hat Enterprise Linux release. RHEL5.2 beta still have this issue. xen version: xen-3.0.3-55.el5 Qcow image is used in NAS nad SAN. So I upgrade this bug to High Severity. And it also blocked a lot of automation testing. Automation testing is using qcow image based on NAS to save time for lots of guest OS. OK. This one is actually a dup of 437086; I'll close it as such so we only have one BZ we are working out of. Chris Lalancette *** This bug has been marked as a duplicate of 437086 *** |