Bug 485148

Summary: "Cannot open disk image" when using qcow1
Product: [Fedora] Fedora Reporter: Eduardo Habkost <ehabkost>
Component: qemuAssignee: Glauber Costa <gcosta>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: berrange, clalance, dwmw2, ehabkost, gcosta, markmc, quintela, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-03-16 08:52:46 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 484343    

Description Eduardo Habkost 2009-02-11 16:09:41 EST
Steps to reproduce:
$ qemu-img create -f qcow /tmp/qcow.img 1G
$ qemu-kvm -hda /tmp/qcow.img
qemu: could not open disk image /tmp/qcow.img

It is triggered by the CVE-2008-0928 fix. The qcow code tries to read beyond the end of file at this line of block-qcow.c (qcow_open()):

if (bdrv_pread(s->hd, s->l1_table_offset, s->l1_table, s->l1_size * sizeof(uint64_t)) != s->l1_size * sizeof(uint64_t))
Comment 1 Eduardo Habkost 2009-02-11 17:30:02 EST
Found the issue: qcow is _not_ trying to read beyond the end of file. The issue is that the range check code uses sector counts instead of bytes, and the qcow file size isn't a multiple of sector size. On my test case, the file size is 4144, and qcow tries to read 4096 bytes starting on byte 48.
Comment 2 Eduardo Habkost 2009-02-20 11:08:22 EST
Fix submitted upstream: http://marc.info/?l=qemu-devel&m=123507873324650
Comment 3 Eduardo Habkost 2009-02-27 13:30:03 EST
Anthony has posted an alternative (and better) fix: http://marc.info/?l=qemu-devel&m=123575165010024
Comment 4 Daniel Berrange 2009-03-11 08:40:33 EDT
Reassigning: The kvm package no longer exists in rawhide/F11, since it is now part of 'qemu'.
Comment 5 Daniel Berrange 2009-03-16 08:52:46 EDT
Fix now in rawhide qemu-0.10-0.9.kvm20090310git.fc11.x86_64