Passing a request size larger than INT_MAX to any of the I/O commands results in an error. While 'read' and 'write' handle the error correctly, 'aio_read' and 'aio_write' hit an assertion:
blk_aio_read_entry: Assertion `rwco->qiov->size == acb->bytes' failed. The reason is that the QEMU I/O code cannot handle request sizes larger than INT_MAX, so this patch makes qemu-io check that all values are within range. Signed-off-by: Alberto Garcia <be...@igalia.com> --- qemu-io-cmds.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c index 95bcde1d88..d806a83076 100644 --- a/qemu-io-cmds.c +++ b/qemu-io-cmds.c @@ -388,9 +388,14 @@ create_iovec(BlockBackend *blk, QEMUIOVector *qiov, char **argv, int nr_iov, goto fail; } - if (len > SIZE_MAX) { - printf("Argument '%s' exceeds maximum size %llu\n", arg, - (unsigned long long)SIZE_MAX); + if (len > INT_MAX) { + printf("Argument '%s' exceeds maximum size %d\n", arg, INT_MAX); + goto fail; + } + + if (count > INT_MAX - len) { + printf("The total number of bytes exceed the maximum size %d\n", + INT_MAX); goto fail; } @@ -682,9 +687,8 @@ static int read_f(BlockBackend *blk, int argc, char **argv) if (count < 0) { print_cvtnum_err(count, argv[optind]); return 0; - } else if (count > SIZE_MAX) { - printf("length cannot exceed %" PRIu64 ", given %s\n", - (uint64_t) SIZE_MAX, argv[optind]); + } else if (count > INT_MAX) { + printf("length cannot exceed %d, given %s\n", INT_MAX, argv[optind]); return 0; } @@ -1004,9 +1008,8 @@ static int write_f(BlockBackend *blk, int argc, char **argv) if (count < 0) { print_cvtnum_err(count, argv[optind]); return 0; - } else if (count > SIZE_MAX) { - printf("length cannot exceed %" PRIu64 ", given %s\n", - (uint64_t) SIZE_MAX, argv[optind]); + } else if (count > INT_MAX) { + printf("length cannot exceed %d, given %s\n", INT_MAX, argv[optind]); return 0; } -- 2.11.0