desc length should be always less than VIR_STORAGE_MAX_HEADER.
If len = VIR_STORAGE_MAX_HEADER, desc may be out of bounds.

Fixes: 348b4e254b ("storage: always probe type with buffer")
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
---
v2: change Fixes: line

 src/storage_file/storage_file_probe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/storage_file/storage_file_probe.c b/src/storage_file/storage_file_probe.c
index 9465af5d96..0dcc9c2c54 100644
--- a/src/storage_file/storage_file_probe.c
+++ b/src/storage_file/storage_file_probe.c
@@ -586,8 +586,8 @@ vmdk4GetBackingStore(char **res,
         return BACKING_STORE_INVALID;
 
     len = buf_size - 0x200;
-    if (len > VIR_STORAGE_MAX_HEADER)
-        len = VIR_STORAGE_MAX_HEADER;
+    if (len >= VIR_STORAGE_MAX_HEADER)
+        len = VIR_STORAGE_MAX_HEADER - 1;
     memcpy(desc, buf + 0x200, len);
     desc[len] = '\0';
     start = strstr(desc, prefix);
-- 
2.30.2

On a Monday in 2023, Anastasia Belova wrote:
>desc length should be always less than VIR_STORAGE_MAX_HEADER.
>If len = VIR_STORAGE_MAX_HEADER, desc may be out of bounds.
>
>Fixes: 348b4e254b ("storage: always probe type with buffer")
>Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
>---
>v2: change Fixes: line
>

Oops, I already pushed it as:
commit 2c6b5a84257379e516ca1999782dca88dfd8a9de
but forgot to change the commit line.

Jano

> src/storage_file/storage_file_probe.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)