From eb909c7f72362e3c891d679f6f4eab0885fdb1c1 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 6 Mar 2014 16:34:46 +0100 Subject: [PATCH] block: Fix error path segfault in bdrv_open() Using an invalid option for a block device that is opened with BDRV_O_PROTOCOL led to drv = NULL, and when trying to include the driver name in the error message, qemu dereferenced it: $ x86_64-softmmu/qemu-system-x86_64 -drive file=/tmp/test.qcow2,file.foo=bar Segmentation fault (core dumped) With this patch applied, the expected error message is printed: $ x86_64-softmmu/qemu-system-x86_64 -drive file=/tmp/test.qcow2,file.foo=bar qemu-system-x86_64: -drive file=/tmp/test.qcow2,file.foo=bar: could not open disk image /tmp/test.qcow2: Block protocol 'file' doesn't support the option 'foo' Signed-off-by: Kevin Wolf Reviewed-by: Benoit Canet --- block.c | 1 + tests/qemu-iotests/051 | 9 +++++++++ tests/qemu-iotests/051.out | 15 +++++++++++++++ 3 files changed, 25 insertions(+) diff --git a/block.c b/block.c index e7387f1..f1ef4b0 100644 --- a/block.c +++ b/block.c @@ -1234,6 +1234,7 @@ int bdrv_open(BlockDriverState **pbs, const char *filename, ret = bdrv_file_open(bs, filename, &options, flags & ~BDRV_O_PROTOCOL, &local_err); if (!ret) { + drv = bs->drv; goto done; } else if (bs->drv) { goto close_and_fail; diff --git a/tests/qemu-iotests/051 b/tests/qemu-iotests/051 index 46345fb..14694e1 100755 --- a/tests/qemu-iotests/051 +++ b/tests/qemu-iotests/051 @@ -78,6 +78,15 @@ run_qemu -drive file="$TEST_IMG",format=qcow2,unknown_opt=1234 run_qemu -drive file="$TEST_IMG",format=qcow2,unknown_opt=foo echo +echo === Unknown protocol option === +echo + +run_qemu -drive file="$TEST_IMG",format=qcow2,file.unknown_opt= +run_qemu -drive file="$TEST_IMG",format=qcow2,file.unknown_opt=on +run_qemu -drive file="$TEST_IMG",format=qcow2,file.unknown_opt=1234 +run_qemu -drive file="$TEST_IMG",format=qcow2,file.unknown_opt=foo + +echo echo === Invalid format === echo 
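Review bot: Setting `drv = bs->drv;` before `goto done` repairs this one path, but the code after `done:` that builds the "doesn't support the option" message is outside the hunk and, going by the commit message, dereferences `drv` without a check. Any other jump to `done` with `drv` still NULL would therefore crash the same way on a mistyped user-supplied option. The assignment also assumes `bs->drv` is non-NULL whenever `bdrv_file_open()` returns 0, which this hunk does not show. I would record the dependency on the new line, e.g. `/* done: names the driver in the unknown-option error, so drv must be set here */`. I would also consider `assert(drv != NULL);` next to the use of the driver name, so a regression fails with a clear diagnostic rather than a NULL dereference in the error reporting.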
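Review bot: All four added cases pass `format=qcow2`, while the reproducer in the commit message (`file=/tmp/test.qcow2,file.foo=bar`) gives no format, so the exact invocation that segfaulted is not pinned by the test. Whether the two forms take the same route through `bdrv_open()` is not visible from this hunk. One extra case such as `run_qemu -drive file="$TEST_IMG",file.unknown_opt=foo`, with the matching entry in `051.out`, would cover the reported command line directly.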
diff --git a/tests/qemu-iotests/051.out b/tests/qemu-iotests/051.out index 7de1870..f5e33ff 100644 --- a/tests/qemu-iotests/051.out +++ b/tests/qemu-iotests/051.out @@ -17,6 +17,21 @@ Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,unknown_opt=foo QEMU_PROG: -drive file=TEST_DIR/t.qcow2,format=qcow2,unknown_opt=foo: could not open disk image TEST_DIR/t.qcow2: Block format 'qcow2' used by device 'ide0-hd0' doesn't support the option 'unknown_opt' +=== Unknown protocol option === + +Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,file.unknown_opt= +QEMU_PROG: -drive file=TEST_DIR/t.qcow2,format=qcow2,file.unknown_opt=: could not open disk image TEST_DIR/t.qcow2: Block protocol 'file' doesn't support the option 'unknown_opt' + +Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,file.unknown_opt=on +QEMU_PROG: -drive file=TEST_DIR/t.qcow2,format=qcow2,file.unknown_opt=on: could not open disk image TEST_DIR/t.qcow2: Block protocol 'file' doesn't support the option 'unknown_opt' + +Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,file.unknown_opt=1234 +QEMU_PROG: -drive file=TEST_DIR/t.qcow2,format=qcow2,file.unknown_opt=1234: could not open disk image TEST_DIR/t.qcow2: Block protocol 'file' doesn't support the option 'unknown_opt' + +Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,file.unknown_opt=foo +QEMU_PROG: -drive file=TEST_DIR/t.qcow2,format=qcow2,file.unknown_opt=foo: could not open disk image TEST_DIR/t.qcow2: Block protocol 'file' doesn't support the option 'unknown_opt' + + === Invalid format === Testing: -drive file=TEST_DIR/t.qcow2,format=foo -- 2.7.4