qemu/tests/qemu-iotests
Kevin Wolf afbcc40bee parallels: Fix catalog size integer overflow (CVE-2014-0143)
The first test case would cause a huge memory allocation, leading to a
qemu abort; the second one to a too small malloc() for the catalog
(smaller than s->catalog_size), which causes a read-only out-of-bounds
array access and on big endian hosts an endianess conversion for an
undefined memory area.

The sample image used here is not an original Parallels image. It was
created using an hexeditor on the basis of the struct that qemu uses.
Good enough for trying to crash the driver, but not for ensuring
compatibility.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
..
sample_images parallels: Fix catalog size integer overflow (CVE-2014-0143) 2014-04-01 15:22:35 +02:00
.gitignore .gitignore: ignore tests/qemu-iotests/socket_scm_helper 2013-10-01 16:06:07 +04:00
001 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
001.out
002 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
002.out qemu-iotests: A few more bdrv_pread/pwrite tests 2013-04-15 08:26:18 +02:00
003 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
003.out
004 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
004.out
005 qemu-iotests: Don't run 005 on vmdk split formats 2014-02-14 18:05:39 +01:00
005.out
006
006.out
007 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
007.out
008 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
008.out
009 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
009.out
010 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
010.out
011 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
011.out
012 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
012.out
013 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
013.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
014 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
014.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
015 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
015.out
016 qemu-iotests: enable test 016 and 025 to work with NFS protocol 2014-02-09 09:12:38 +01:00
016.out
017 qemu-iotests: Add _unsupported_imgopts for vmdk subformats 2014-01-22 12:07:16 +01:00
017.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
018 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
018.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
019 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
019.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
020 qemu-iotests: blacklist test 020 for NFS protocol 2014-02-09 09:12:38 +01:00
020.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
021 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
021.out
022
022.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
023 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
023.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
024 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
024.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
025 qemu-iotests: enable test 016 and 025 to work with NFS protocol 2014-02-09 09:12:38 +01:00
025.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
026 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
026.out qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147) 2014-04-01 15:21:03 +02:00
026.out.nocache qemu-iotests: Correct 026 output 2013-10-07 13:23:19 +02:00
027 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
027.out
028 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
028.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
029 qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) 2014-04-01 15:22:35 +02:00
029.out qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) 2014-04-01 15:22:35 +02:00
030 qemu-iotests: Make test case 030, 040 and 055 deterministic 2013-11-29 13:40:37 +01:00
030.out qemu-iotests: add tests for streaming error handling 2012-09-28 19:40:56 +02:00
031 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
031.out qcow2: Add corrupt bit 2013-08-30 15:48:43 +02:00
032 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
032.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
033 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
033.out
034 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
034.out
035 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
035.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
036 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
036.out qcow2: Add corrupt bit 2013-08-30 15:48:43 +02:00
037 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
037.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
038 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
038.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
039 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
039.out qemu-iotests: Adjust test result 039 2013-09-06 15:25:07 +02:00
040 qemu-iotests: Drop assert_no_active_commit in case 040 2014-01-31 22:05:03 +01:00
040.out qemu-iotests: add relative backing file tests for block-commit (040) 2012-10-24 10:26:19 +02:00
041 qemu-iotests: Fix test 041 2013-11-27 07:53:32 -08:00
041.out qemu-iotests: Fix test 041 2013-11-27 07:53:32 -08:00
042 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
042.out qemu-iotests: Test qemu-img operation on zero size image 2012-10-24 10:26:18 +02:00
043 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
043.out qemu-iotests: Add 043 backing file chain infinite loop test 2012-10-24 10:26:19 +02:00
044 qemu-iotests: qcow2: Test growing large refcount table 2012-11-14 18:19:21 +01:00
044.out qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147) 2014-04-01 15:21:03 +02:00
045 qemu-iotests: add tests for runtime fd passing via SCM rights 2013-09-12 10:12:47 +02:00
045.out qemu-iotests: add tests for runtime fd passing via SCM rights 2013-09-12 10:12:47 +02:00
046 qcow2: Set zero flag for discarded clusters 2014-02-21 21:02:21 +01:00
046.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
047 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
047.out qemu-iotests: Filter out 'qemu-io> ' prompt 2013-11-29 17:41:13 +01:00
048 qemu-iotests: Split qcow2 only cases in 048 2013-12-04 14:31:39 +01:00
048.out qemu-iotests: Split qcow2 only cases in 048 2013-12-04 14:31:39 +01:00
049 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
049.out qemu-iotests: Adjustments due to error propagation 2013-09-12 10:12:48 +02:00
050 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
050.out qemu-iotests: add tests for rebasing zero clusters 2013-03-15 16:07:51 +01:00
051 block: Fix error path segfault in bdrv_open() 2014-03-06 17:29:24 +01:00
051.out block: Fix error path segfault in bdrv_open() 2014-03-06 17:29:24 +01:00
052 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
052.out qemu-iotests: add 052 BDRV_O_SNAPSHOT test 2013-03-19 11:48:37 +01:00
053 qemu-iotests: Quote $TEST_IMG* and $TEST_DIR usage 2013-09-27 11:10:45 +02:00
053.out qemu-iotests: add 053 unaligned compressed image size test 2013-04-22 11:37:12 +02:00
054 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
054.out qemu-iotests: Adjustments due to error propagation 2013-09-12 10:12:48 +02:00
055 qemu-iotests: Make test case 030, 040 and 055 deterministic 2013-11-29 13:40:37 +01:00
055.out Add tests for sync modes 'TOP' and 'NONE' 2013-07-26 22:01:31 +02:00
056 Add tests for sync modes 'TOP' and 'NONE' 2013-07-26 22:01:31 +02:00
056.out Add tests for sync modes 'TOP' and 'NONE' 2013-07-26 22:01:31 +02:00
057 qemu-iotests: add 057 internal snapshot for block device test case 2013-09-12 10:12:47 +02:00
057.out qemu-iotests: add 057 internal snapshot for block device test case 2013-09-12 10:12:47 +02:00
058 qemu-iotests: add test for snapshot in qemu-img convert 2013-12-04 15:19:00 +01:00
058.out qemu-iotests: add test for snapshot in qemu-img convert 2013-12-04 15:19:00 +01:00
059 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
059.out vmdk: correctly propagate errors 2014-02-21 21:02:24 +01:00
060 iotests: Test corruption during COW request 2014-03-13 14:23:27 +01:00
060.out iotests: Test corruption during COW request 2014-03-13 14:23:27 +01:00
061 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
061.out qemu-iotests: Preallocated zero clusters in 061 2013-09-27 11:16:36 +02:00
062 qemu-iotests: Snapshotting zero clusters 2013-08-30 15:28:52 +02:00
062.out qemu-iotests: Snapshotting zero clusters 2013-08-30 15:28:52 +02:00
063 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
063.out add qemu-img convert -n option (skip target volume creation) 2013-09-06 15:25:07 +02:00
064 block: qemu-iotests for vhdx, add write test support 2013-11-07 13:58:59 +01:00
064.out block: qemu-iotests for vhdx, add write test support 2013-11-07 13:58:59 +01:00
065 qemu-iotests: Additional info from qemu-img info 2013-10-11 16:49:50 +02:00
065.out qemu-iotests: Additional info from qemu-img info 2013-10-11 16:49:50 +02:00
066 qemu-iotests: Discard preallocated zero clusters 2013-10-11 16:49:59 +02:00
066.out qemu-iotests: Discard preallocated zero clusters 2013-10-11 16:49:59 +02:00
067 qemu-iotests: Filter out actual image size in 067 2013-11-07 13:53:30 +01:00
067.out qemu-iotests: Filter out actual image size in 067 2013-11-07 13:53:30 +01:00
068 qemu-iotests: Test for loading VM state from qcow2 2013-10-25 11:08:20 +02:00
068.out qemu-iotests: Test for loading VM state from qcow2 2013-10-25 11:08:20 +02:00
069 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
069.out block: Print its file name if backing file opening failed 2013-11-14 13:09:06 +01:00
070 block: qemu-iotests - add vhdx log replay tests for qemu-img 2014-02-14 18:05:39 +01:00
070.out block: qemu-iotests - add vhdx log replay tests for qemu-img 2014-02-14 18:05:39 +01:00
071 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
071.out iotests: Test new blkdebug/blkverify interface 2014-01-22 12:07:18 +01:00
072 qemu-iotests: change _supported_proto to file for various tests 2014-02-09 09:12:38 +01:00
072.out iotests: Test file format nesting 2014-01-22 12:07:18 +01:00
073 qemu-iotests: Test qcow2 count_contiguous_clusters() 2013-11-15 13:37:43 +01:00
073.out qemu-iotests: Test qcow2 count_contiguous_clusters() 2013-11-15 13:37:43 +01:00
074 qemu-iotests: Split qcow2 only cases in 048 2013-12-04 14:31:39 +01:00
074.out qemu-iotests: Split qcow2 only cases in 048 2013-12-04 14:31:39 +01:00
075 block/cloop: fix offsets[] size off-by-one 2014-04-01 13:59:47 +02:00
075.out block/cloop: fix offsets[] size off-by-one 2014-04-01 13:59:47 +02:00
076 parallels: Fix catalog size integer overflow (CVE-2014-0143) 2014-04-01 15:22:35 +02:00
076.out parallels: Fix catalog size integer overflow (CVE-2014-0143) 2014-04-01 15:22:35 +02:00
077 qemu-iotest: Make 077 raw-only 2014-02-09 09:12:38 +01:00
077.out qemu-iotests: Test pwritev RMW logic 2014-01-24 17:40:25 +01:00
078 bochs: Check extent_size header field (CVE-2014-0142) 2014-04-01 13:59:47 +02:00
078.out bochs: Check extent_size header field (CVE-2014-0142) 2014-04-01 13:59:47 +02:00
079 qemu-iotests: add test for qcow2 preallocation with different cluster sizes 2014-02-09 09:12:39 +01:00
079.out qemu-iotests: add test for qcow2 preallocation with different cluster sizes 2014-02-09 09:12:39 +01:00
080 qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) 2014-04-01 15:22:35 +02:00
080.out qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) 2014-04-01 15:22:35 +02:00
081 qemu-io-test: Disable Quorum test when not compiled in. 2014-02-28 18:59:07 +01:00
081.out qmp: Make Quorum error events more palatable. 2014-02-28 18:59:06 +01:00
082 qemu-iotests: Check qemu-img command line parsing 2014-02-21 22:10:31 +01:00
082.out qemu-iotests: Check qemu-img command line parsing 2014-02-21 22:10:31 +01:00
083 qemu-iotests: add 083 NBD client disconnect tests 2014-03-14 16:29:02 +01:00
083.out qemu-iotests: add 083 NBD client disconnect tests 2014-03-14 16:29:02 +01:00
084 block: vdi bounds check qemu-io tests 2014-04-01 15:22:35 +02:00
084.out block: vdi bounds check qemu-io tests 2014-04-01 15:22:35 +02:00
085 block: qemu-iotests 085 - live snapshots tests 2014-03-07 11:36:12 +01:00
085.out block: qemu-iotests 085 - live snapshots tests 2014-03-07 11:36:12 +01:00
086 qemu-iotests: Test progress output for conversion 2014-03-05 15:58:32 +01:00
086.out qemu-iotests: Test progress output for conversion 2014-03-05 15:58:32 +01:00
087 blockdev: Refuse to open encrypted image unless paused 2014-03-14 16:24:42 +01:00
087.out blockdev: Refuse to open encrypted image unless paused 2014-03-14 16:24:42 +01:00
088 vpc: Validate block size (CVE-2014-0142) 2014-04-01 13:59:47 +02:00
088.out vpc: Validate block size (CVE-2014-0142) 2014-04-01 13:59:47 +02:00
check qemu-iotests: add 058 internal snapshot export with qemu-nbd case 2013-12-04 15:19:00 +01:00
common parallels: Fix catalog size integer overflow (CVE-2014-0143) 2014-04-01 15:22:35 +02:00
common.config qemu-iotests: Add basic ability to use binary sample images 2013-09-27 10:59:07 +02:00
common.filter qemu-iotests: filter QEMU monitor \r\n 2013-12-06 16:53:51 +01:00
common.pattern block: qemu-iotests, add quotes to $TEST_IMG usage io pattern tests 2013-11-07 13:53:31 +01:00
common.rc qemu-iotests: add ./check -cloop support 2014-04-01 13:59:46 +02:00
COPYING
group parallels: Fix catalog size integer overflow (CVE-2014-0143) 2014-04-01 15:22:35 +02:00
iotests.py qemu-iotests: Honour cache mode in iotests.py 2013-12-04 11:55:13 +01:00
Makefile
nbd-fault-injector.py tests: add nbd-fault-injector.py utility 2014-03-14 16:28:28 +01:00
qcow2.py qcow2.py: Subcommand for changing header fields 2013-05-24 16:17:55 +02:00
qed.py
README
socket_scm_helper.c qemu-iotests: add unix socket help program 2013-09-12 10:12:46 +02:00

=== This is the QEMU I/O test suite ===

* Intro

This package contains a simple test suite for the I/O layer of qemu.
It does not require a guest, but only the qemu, qemu-img and qemu-io
binaries.  This does limit it to exercise the low-level I/O path only
but no actual block drivers like ide, scsi or virtio.

* Usage

Just run ./check to run all tests for the raw image format, or ./check
-qcow2 to test the qcow2 image format.  The output of ./check -h explains
additional options to test further image formats or I/O methods.

* Feedback and patches

Please send improvements to the test suite, general feedback or just
reports of failing tests cases to qemu-devel@savannah.nongnu.org.