[PATCH] storage_file_probe: change maximum len value in vmdk4GetBackingStore

Wed Mar 29 10:09:02 UTC 2023

From: Anastasia Belova <abelova at astralinux.ru>

desc length should be always less than VIR_STORAGE_MAX_HEADER.
If len = VIR_STORAGE_MAX_HEADER, desc may be out of bounds.

Fixes: 296032bfb2 ("util: extract storage file probe code into virtstoragefileprobe.c")
Signed-off-by: Anastasia Belova <abelova at astralinux.ru>
---
 src/storage_file/storage_file_probe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/storage_file/storage_file_probe.c b/src/storage_file/storage_file_probe.c
index 9465af5d96..0dcc9c2c54 100644
--- a/src/storage_file/storage_file_probe.c
+++ b/src/storage_file/storage_file_probe.c
@@ -586,8 +586,8 @@ vmdk4GetBackingStore(char **res,
         return BACKING_STORE_INVALID;
 
     len = buf_size - 0x200;
-    if (len > VIR_STORAGE_MAX_HEADER)
-        len = VIR_STORAGE_MAX_HEADER;
+    if (len >= VIR_STORAGE_MAX_HEADER)
+        len = VIR_STORAGE_MAX_HEADER - 1;
     memcpy(desc, buf + 0x200, len);
     desc[len] = '\0';
     start = strstr(desc, prefix);
-- 
2.30.2

