From f58d2a04338edc647e2334ff58b49508424e3f3b Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 17 May 2022 13:20:17 +0100 Subject: [PATCH] scan: Fix bound so we don't try to prefetch beyond end of disk An off-by-one error in the bound could cause the filter to try to prefetch beyond the end of the underlying plugin. This would cause nbdkit to crash with this assertion failure: nbdkit: backend.c:782: backend_cache: Assertion `backend_valid_range (c, offset, count)' failed. The sequence of events was: - scan filter background thread started - client reads to the end of the disk - background thread skips ahead to end of disk (offset == size) - background thread tries to prefetch from this point In the final step the calculations caused to the background thread to prefetch a scan-size block beyond the end of the plugin. Fixes: commit 65c20a09ceacb4431986a2982f2c2e746df63fcb (cherry picked from commit 953643429b8c57b4dd20a6c0e5b83704ae9a0e88) --- filters/scan/bgthread.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/filters/scan/bgthread.c b/filters/scan/bgthread.c index 384e79b6..5fa5f27f 100644 --- a/filters/scan/bgthread.c +++ b/filters/scan/bgthread.c @@ -113,12 +113,12 @@ scan_thread (void *vp) } adjust_clock (offset); - if (offset > size) - continue; - /* Issue the next prefetch. */ - n = MIN (scan_size, size - offset); - ctrl->next->cache (ctrl->next, n, offset, 0, NULL); + if (offset < size) { + /* Issue the next prefetch. */ + n = MIN (scan_size, size - offset); + ctrl->next->cache (ctrl->next, n, offset, 0, NULL); + } } if (scan_forever) { -- 2.31.1
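Review bot: the new `if (offset < size)` guard in scan_thread carries no comment explaining why `offset == size` has to be excluded, and the diffstat shows only bgthread.c changing, so no regression test accompanies the fix. Under the removed `if (offset > size) continue;`, an offset equal to size fell through to `n = MIN (scan_size, size - offset)`, where `size - offset` is 0, and the `cache` call was still issued at the end of the disk. A short comment above the guard saying that `offset == size` occurs once the client has read to the end of the disk and that nothing is left to prefetch would stop a later refactor from loosening the bound again. A test that follows the sequence in the commit message (client reads to the end of the disk while the background thread is running) would pin the behaviour. Separately, the result of `ctrl->next->cache (ctrl->next, n, offset, 0, NULL)` is discarded and the last argument is NULL in both the old and new lines; if ignoring failures is deliberate for a best-effort prefetch, the same comment is a good place to say so.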