From f58d2a04338edc647e2334ff58b49508424e3f3b Mon Sep 17 00:00:00 2001

From: "Richard W.M. Jones" <rjones@redhat.com>

Date: Tue, 17 May 2022 13:20:17 +0100

Subject: [PATCH] scan: Fix bound so we don't try to prefetch beyond end of

 disk

An off-by-one error in the bound could cause the filter to try to

prefetch beyond the end of the underlying plugin.  This would cause

nbdkit to crash with this assertion failure:

nbdkit: backend.c:782: backend_cache: Assertion `backend_valid_range (c, offset, count)' failed.

The sequence of events was:

 - scan filter background thread started

 - client reads to the end of the disk

 - background thread skips ahead to end of disk (offset == size)

 - background thread tries to prefetch from this point

In the final step the calculations caused to the background thread to

prefetch a scan-size block beyond the end of the plugin.

Fixes: commit 65c20a09ceacb4431986a2982f2c2e746df63fcb

(cherry picked from commit 953643429b8c57b4dd20a6c0e5b83704ae9a0e88)

---

 filters/scan/bgthread.c | 10 +++++-----

 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/filters/scan/bgthread.c b/filters/scan/bgthread.c

index 384e79b6..5fa5f27f 100644

--- a/filters/scan/bgthread.c

+++ b/filters/scan/bgthread.c

@@ -113,12 +113,12 @@ scan_thread (void *vp)

     }

     adjust_clock (offset);

-    if (offset > size)

-      continue;

-    /* Issue the next prefetch. */

-    n = MIN (scan_size, size - offset);

-    ctrl->next->cache (ctrl->next, n, offset, 0, NULL);

+    if (offset < size) {

+      /* Issue the next prefetch. */

+      n = MIN (scan_size, size - offset);

+      ctrl->next->cache (ctrl->next, n, offset, 0, NULL);

+    }

   }

   if (scan_forever) {

-- 

2.31.1