qcow2: Fix backing file name length check

                      Error **errp)

{

    BDRVQcowState *s = bs->opaque;

    int len, i, ret = 0;

    unsigned int len, i;

    int ret = 0;

    QCowHeader header;

    QemuOpts *opts;

    Error *local_err = NULL;

    /* read the backing file name */

    if (header.backing_file_offset != 0) {

        len = header.backing_file_size;

        if (len > 1023) {

            len = 1023;

        if (len > MIN(1023, s->cluster_size - header.backing_file_offset)) {

            error_setg(errp, "Backing file name too long");

            ret = -EINVAL;

            goto fail;

        }

        ret = bdrv_pread(bs->file, header.backing_file_offset,

                         bs->backing_file, len);

header_size=104

offset_backing_file_offset=8

offset_backing_file_size=16

offset_l1_size=36

offset_l1_table_offset=40

offset_refcount_table_offset=48

poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01"

{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir

echo

echo "== Invalid backing file size =="

_make_test_img 64M

poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x10\x00"

poke_file "$TEST_IMG" "$offset_backing_file_size" "\xff\xff\xff\xff"

{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir

# success, all done

echo "*** done"

rm -f $seq.full

no file open, try 'help open'

qemu-io: can't open device TEST_DIR/t.qcow2: Invalid L1 table offset

no file open, try 'help open'

== Invalid backing file size ==

Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 

qemu-io: can't open device TEST_DIR/t.qcow2: Backing file name too long

no file open, try 'help open'

*** done