Steps to reproduce:

$ qemu-img create -f qcow /tmp/qcow.img 1G
$ qemu-kvm -hda /tmp/qcow.img
qemu: could not open disk image /tmp/qcow.img

It is triggered by the CVE-2008-0928 fix. The qcow code tries to read beyond the end of file at this line of block-qcow.c (qcow_open()):

if (bdrv_pread(s->hd, s->l1_table_offset, s->l1_table, s->l1_size * sizeof(uint64_t)) != s->l1_size * sizeof(uint64_t))
Found the issue: qcow is _not_ trying to read beyond the end of file. The issue is that the range check code uses sector counts instead of bytes, and the qcow file size isn't a multiple of sector size. On my test case, the file size is 4144, and qcow tries to read 4096 bytes starting on byte 48.
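An added illustration of the mismatch described in the comment above; this is not qemu's code and not part of this bug report. It models a range check that counts whole sectors beside the same check done in bytes, using the numbers from the comment (a 4144-byte file, a 4096-byte read at offset 48). The sector-granular formula is an assumption about how such a check would be written, not a quote of the actual qemu change.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define SECTOR_SIZE 512

/* Hypothetical sector-granular check: the file length is truncated to whole
 * sectors and the request is rounded outward to sector boundaries, so a
 * request that ends inside the final partial sector looks out of range. */
static bool range_ok_sectors(int64_t file_size, int64_t offset, int64_t count)
{
    if (file_size < 0 || offset < 0 || count < 0)
        return false;
    if (count > INT64_MAX - offset - (SECTOR_SIZE - 1))
        return false;                                   /* overflow guard */
    int64_t total_sectors = file_size / SECTOR_SIZE;    /* 4144 -> 8 */
    int64_t end_sector = (offset + count + SECTOR_SIZE - 1) / SECTOR_SIZE; /* -> 9 */
    return end_sector <= total_sectors;
}

/* Byte-granular check: compares the exact byte range against the exact
 * file length, so the partial last sector is counted. */
static bool range_ok_bytes(int64_t file_size, int64_t offset, int64_t count)
{
    if (file_size < 0 || offset < 0 || count < 0)
        return false;
    if (count > INT64_MAX - offset)
        return false;                                   /* overflow guard */
    return offset + count <= file_size;
}

int main(void)
{
    /* Constructed values taken from the comment above. */
    const int64_t file_size = 4144, offset = 48, count = 4096;
    printf("sector check accepts: %d\n", range_ok_sectors(file_size, offset, count));
    printf("byte   check accepts: %d\n", range_ok_bytes(file_size, offset, count));
    return 0;
}
```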
Fix submitted upstream: http://marc.info/?l=qemu-devel&m=123507873324650
Anthony has posted an alternative (and better) fix: http://marc.info/?l=qemu-devel&m=123575165010024
Reassigning: The kvm package no longer exists in rawhide/F11, since it is now part of 'qemu'.
Fix now in rawhide qemu-0.10-0.9.kvm20090310git.fc11.x86_64