Bug 485148

Summary: "Cannot open disk image" when using qcow1
Product: [Fedora] Fedora Reporter: Eduardo Habkost <ehabkost>
Component: qemuAssignee: Glauber Costa <gcosta>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: berrange, clalance, dwmw2, ehabkost, gcosta, markmc, quintela, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-03-16 12:52:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 484343    

Description Eduardo Habkost 2009-02-11 21:09:41 UTC
Steps to reproduce:
$ qemu-img create -f qcow /tmp/qcow.img 1G
$ qemu-kvm -hda /tmp/qcow.img
qemu: could not open disk image /tmp/qcow.img


It is triggered by the CVE-2008-0928 fix. The qcow code tries to read beyond the end of file at this line of block-qcow.c (qcow_open()):

if (bdrv_pread(s->hd, s->l1_table_offset, s->l1_table, s->l1_size * sizeof(uint64_t)) != s->l1_size * sizeof(uint64_t))

Comment 1 Eduardo Habkost 2009-02-11 22:30:02 UTC
Found the issue: qcow is _not_ trying to read beyond the end of file. The issue is that the range check code uses sector counts instead of bytes, and the qcow file size isn't a multiple of sector size. On my test case, the file size is 4144, and qcow tries to read 4096 bytes starting on byte 48.

Comment 2 Eduardo Habkost 2009-02-20 16:08:22 UTC
Fix submitted upstream: http://marc.info/?l=qemu-devel&m=123507873324650

Comment 3 Eduardo Habkost 2009-02-27 18:30:03 UTC
Anthony has posted an alternative (and better) fix: http://marc.info/?l=qemu-devel&m=123575165010024

Comment 4 Daniel Berrangé 2009-03-11 12:40:33 UTC
Reassigning: The kvm package no longer exists in rawhide/F11, since it is now part of 'qemu'.

Comment 5 Daniel Berrangé 2009-03-16 12:52:46 UTC
Fix now in rawhide qemu-0.10-0.9.kvm20090310git.fc11.x86_64