return ret;
}
-static int verify_header(struct verify_header *hdr)
+static int verify_header(struct io_u *io_u, struct verify_header *hdr)
{
void *p = hdr;
uint32_t crc;
if (hdr->magic != FIO_HDR_MAGIC)
return 0;
+ if (hdr->len > io_u->buflen) {
+ log_err("fio: verify header exceeds buffer length (%u > %lu)\n", hdr->len, io_u->buflen);
+ return 0;
+ }
crc = fio_crc32c(p, offsetof(struct verify_header, crc32));
if (crc == hdr->crc32)
memswp(p, p + td->o.verify_offset, header_size);
hdr = p;
- if (!verify_header(hdr)) {
+ if (!verify_header(io_u, hdr)) {
log_err("verify: bad magic header %x, wanted %x at "
"file %s offset %llu, length %u\n",
hdr->magic, FIO_HDR_MAGIC,