From: Kefu Chai <kchai@redhat.com>
Date: Wed, 27 Apr 2016 16:59:34 +0000 (+0800)
Subject: librbd: does not crash if image header is too short
X-Git-Tag: v11.0.0~806^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F8785%2Fhead;p=ceph.git

librbd: does not crash if image header is too short

if something goes wrong with the object, and returns a chunk shorter
than expected, don't panic

Signed-off-by: Kefu Chai <kchai@redhat.com>
---

diff --git a/src/librbd/internal.cc b/src/librbd/internal.cc
index 5276052c5190..dab665147c4f 100644
--- a/src/librbd/internal.cc
+++ b/src/librbd/internal.cc
@@ -523,7 +523,8 @@ remove_mirroring_image:
       off += r;
     } while (r == READ_SIZE);
 
-    if (memcmp(RBD_HEADER_TEXT, header.c_str(), sizeof(RBD_HEADER_TEXT))) {
+    if (header.length() < sizeof(RBD_HEADER_TEXT) ||
+	memcmp(RBD_HEADER_TEXT, header.c_str(), sizeof(RBD_HEADER_TEXT))) {
       CephContext *cct = (CephContext *)io_ctx.cct();
       lderr(cct) << "unrecognized header format" << dendl;
       return -ENXIO;