From a2eb187658d045160fb85f6c1d9437eaa49f0830 Mon Sep 17 00:00:00 2001 From: Kefu Chai Date: Thu, 28 Apr 2016 00:59:34 +0800 Subject: [PATCH] librbd: does not crash if image header is too short if something goes wrong with the object, and returns a chunk shorter than expected, don't panic Signed-off-by: Kefu Chai (cherry picked from commit 7b52183addda83f98c8b1f37d3de20ca0fc4687b) --- src/librbd/internal.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/librbd/internal.cc b/src/librbd/internal.cc index 5276052c5190f..dab665147c4f0 100644 --- a/src/librbd/internal.cc +++ b/src/librbd/internal.cc @@ -523,7 +523,8 @@ remove_mirroring_image: off += r; } while (r == READ_SIZE); - if (memcmp(RBD_HEADER_TEXT, header.c_str(), sizeof(RBD_HEADER_TEXT))) { + if (header.length() < sizeof(RBD_HEADER_TEXT) || + memcmp(RBD_HEADER_TEXT, header.c_str(), sizeof(RBD_HEADER_TEXT))) { CephContext *cct = (CephContext *)io_ctx.cct(); lderr(cct) << "unrecognized header format" << dendl; return -ENXIO; -- 2.39.5