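#!/bin/bash
#
# qcow2 format input validation tests
#
# Copyright (C) 2013 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

# creator
owner=kwolf@redhat.com

# Base name of this script; it labels the output and names the
# "$seq.full" scratch file removed at the end of the run.
# "$0" is quoted so a script path containing spaces stays one argument.
seq=$(basename "$0")
echo "QA output created by $seq"

here=$(pwd)
status=1	# failure is the default!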
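# Remove everything the test created: the "$TEST_IMG.snap" file written by
# the final convert step, then the test image itself via the harness helper.
# The path is quoted (and preceded by --) so an image path containing spaces,
# glob characters or a leading dash is removed as exactly one file.
_cleanup()
{
    rm -f -- "$TEST_IMG.snap"
    _cleanup_test_img
}

# Run the cleanup on normal exit (0) and on HUP/INT/QUIT/TERM (1 2 3 15).
# \$status is escaped so it is expanded when the trap fires, not when it is
# installed; the script therefore exits with whatever status holds at the end.
trap "_cleanup; exit \$status" 0 1 2 3 15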
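# get standard environment, filters and checks
. ./common.rc
. ./common.filter

# Restrict the test to the configuration it was written for: qcow2 images,
# accessed through the file protocol, on Linux.
_supported_fmt qcow2
_supported_proto file
_supported_os Linux
# Internal snapshots are (currently) impossible with refcount_bits=1
_unsupported_imgopts 'refcount_bits=1[^0-9]'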
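# Size of the image header in bytes; the first header extension is expected
# to start directly behind it (see offset_ext_magic below).
header_size=104

# Byte offsets of the header fields the tests below corrupt. Each variable is
# named after the qcow2 header field it addresses.
offset_backing_file_offset=8
offset_backing_file_size=16
offset_l1_size=36
offset_l1_table_offset=40
offset_refcount_table_offset=48
offset_refcount_table_clusters=56
offset_nb_snapshots=60
offset_snapshots_offset=64
offset_header_size=100
# First header extension: magic at the end of the header, length field
# four bytes later.
offset_ext_magic=$header_size
offset_ext_size=$((header_size + 4))

# NOTE(review): presumably where a freshly created 64M test image keeps its
# first L2 table - confirm against the image layout _make_test_img produces.
offset_l2_table_0=$((0x40000))

# NOTE(review): presumably the first snapshot table entry after the first
# "snapshot -c"; the L1 offset and L1 size fields sit at +0 and +8 in it.
offset_snap1=$((0x70000))
offset_snap1_l1_offset=$((offset_snap1 + 0))
offset_snap1_l1_size=$((offset_snap1 + 8))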
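echo
echo "== Huge header size =="
_make_test_img 64M
# Set the header length field to 0xffffffff, then to 0x7fffffff, and attempt a
# 512-byte read after each change so the filtered output records how the open
# is handled. "$TEST_IMG" is quoted so a test directory containing spaces is
# passed as one argument; $QEMU_IO is left as the harness defines it.
poke_file "$TEST_IMG" "$offset_header_size" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_header_size" "\x7f\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir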
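echo
echo "== Huge unknown header extension =="
_make_test_img 64M
# Step 1: backing file offset 0xffffffffffffffff plus a header extension with
# an unrecognised magic (0x12345678) and a length of 0x7fffffff.
poke_file "$TEST_IMG" "$offset_backing_file_offset" "\xff\xff\xff\xff\xff\xff\xff\xff"
poke_file "$TEST_IMG" "$offset_ext_magic" "\x12\x34\x56\x78"
poke_file "$TEST_IMG" "$offset_ext_size" "\x7f\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
# Step 2: same extension, but the backing file offset now equals
# offset_ext_size (its low byte is printed in hex into the last \x escape).
poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x$(printf %x "$offset_ext_size")"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
# Step 3: same extension with the backing file offset cleared to zero.
poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x00"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir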
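echo
echo "== Huge refcount table size =="
_make_test_img 64M
# Refcount table cluster count of 0xffffffff, then 0x00020001; a read is
# attempted after each value. "$TEST_IMG" is quoted so the image path is
# always a single argument.
poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x02\x00\x01"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir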
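echo
echo "== Misaligned refcount table =="
_make_test_img 64M
# Refcount table offset 0x1234567890abcdef: an odd value, so it cannot be
# aligned to any cluster size. "$TEST_IMG" is quoted so the image path is
# always a single argument.
poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir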
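echo
echo "== Huge refcount offset =="
_make_test_img 64M
# Refcount table offset 0xffffffffffff0000 combined with a table size of 0x7f
# clusters, so offset plus size lands at the very top of the 64-bit range.
# "$TEST_IMG" is quoted so the image path is always a single argument.
poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\xff\xff\xff\xff\xff\xff\x00\x00"
poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x00\x00\x7f"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir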
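echo
echo "== Invalid snapshot table =="
_make_test_img 64M
# Snapshot count of 0xffffffff, then 0x7fffffff.
# "$TEST_IMG" is quoted throughout so the image path is a single argument.
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x7f\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir

# Snapshot table offset 0xffffffffffff0000 with 0xffff snapshots.
poke_file "$TEST_IMG" "$offset_snapshots_offset" "\xff\xff\xff\xff\xff\xff\x00\x00"
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir

# Odd (hence misaligned) snapshot table offset with a snapshot count of zero.
poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\x00\x00"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir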
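echo
echo "== Hitting snapshot table size limit =="
_make_test_img 64M
# Put the snapshot table in a more or less safe place (16 MB). The original
# comment said "refcount table", but the field written is snapshots_offset.
poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x00\x00\x00\x00\x01\x00\x00\x00"
# Claim 0x10000 existing snapshots, then ask qemu-img to add one more.
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x01\x00\x00"
# "$TEST_IMG" is quoted so the image path is always a single argument.
{ $QEMU_IMG snapshot -c test "$TEST_IMG"; } 2>&1 | _filter_testdir
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir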
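echo
echo "== Invalid L1 table =="
_make_test_img 64M
# L1 size of 0xffffffff, then 0x7fffffff.
# "$TEST_IMG" is quoted throughout so the image path is a single argument.
poke_file "$TEST_IMG" "$offset_l1_size" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_l1_size" "\x7f\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir

# L1 table offset 0x7fffffffffff0000 with 0xffff entries.
poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x7f\xff\xff\xff\xff\xff\x00\x00"
poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir

# Odd (hence misaligned) L1 table offset with a single entry.
poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir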
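echo
echo "== Invalid L1 table (with internal snapshot in the image) =="
_make_test_img 64M
# Create an internal snapshot first, then zero the active L1 size in the
# header and ask for image info instead of reading data.
# "$TEST_IMG" is quoted so the image path is always a single argument.
{ $QEMU_IMG snapshot -c foo "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x00"
_img_info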
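echo
echo "== Invalid backing file size =="
_make_test_img 64M
# Backing file name at offset 0x1000 with a name length of 0xffffffff.
# "$TEST_IMG" is quoted so the image path is always a single argument.
poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x10\x00"
poke_file "$TEST_IMG" "$offset_backing_file_size" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir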
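echo
echo "== Invalid L2 entry (huge physical offset) =="
_make_test_img 64M
# Write one sector first so the image has an allocated cluster and an L2
# entry to corrupt (the entry is assumed to sit at offset_l2_table_0).
# "$TEST_IMG" is quoted throughout so the image path is a single argument.
{ $QEMU_IO -c "write 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
# Replace that entry with two different out-of-range values and try to take a
# snapshot after each one.
poke_file "$TEST_IMG" "$offset_l2_table_0" "\xbf\xff\xff\xff\xff\xff\x00\x00"
{ $QEMU_IMG snapshot -c test "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_l2_table_0" "\x80\x00\x00\xff\xff\xff\x00\x00"
{ $QEMU_IMG snapshot -c test "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir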
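echo
echo "== Invalid snapshot L1 table =="
_make_test_img 64M
# Allocate a cluster and create the snapshot "test", then overwrite the L1
# size stored in that snapshot's table entry with 0x10000000 and try to
# convert from the snapshot. The output file is the "$TEST_IMG.snap" that
# _cleanup removes.
# Both paths are quoted so each is passed to qemu-img as a single argument.
{ $QEMU_IO -c "write 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
{ $QEMU_IMG snapshot -c test "$TEST_IMG"; } 2>&1 | _filter_testdir
poke_file "$TEST_IMG" "$offset_snap1_l1_size" "\x10\x00\x00\x00"
{ $QEMU_IMG convert -s test "$TEST_IMG" "$TEST_IMG.snap"; } 2>&1 | _filter_testdir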
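# success, all done
echo "*** done"
# Quoted and preceded by -- so the scratch file name is one literal argument.
rm -f -- "$seq.full"
# Replace the failure default; the exit trap reads $status when it fires.
status=0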