From: Kefu Chai <kchai@redhat.com>
Date: Wed, 27 Apr 2016 16:59:34 +0000 (+0800)
Subject: librbd: does not crash if image header is too short
X-Git-Tag: v10.2.1~34^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=a2eb187658d045160fb85f6c1d9437eaa49f0830;p=ceph.git

librbd: does not crash if image header is too short

if something goes wrong with the object, and returns a chunk shorter
than expected, don't panic

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 7b52183addda83f98c8b1f37d3de20ca0fc4687b)
---

diff --git a/src/librbd/internal.cc b/src/librbd/internal.cc
index 5276052c519..dab665147c4 100644
--- a/src/librbd/internal.cc
+++ b/src/librbd/internal.cc
@@ -523,7 +523,8 @@ remove_mirroring_image:
       off += r;
     } while (r == READ_SIZE);
 
-    if (memcmp(RBD_HEADER_TEXT, header.c_str(), sizeof(RBD_HEADER_TEXT))) {
+    if (header.length() < sizeof(RBD_HEADER_TEXT) ||
+	memcmp(RBD_HEADER_TEXT, header.c_str(), sizeof(RBD_HEADER_TEXT))) {
       CephContext *cct = (CephContext *)io_ctx.cct();
       lderr(cct) << "unrecognized header format" << dendl;
       return -ENXIO;