The series fixed the crash, but qemu-img started to produce the confusing output:
$ qemu-img check test_image
ERROR: I/O error in check_refcounts_l1
No errors were found on the image.

--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1332297

Title:
  qemu-img: crash on check of an image with large value in the 'size' header field

Status in QEMU:
  New

Bug description:
  qemu-img crashes on the following command:

  qemu-img check test_image

  'test_image' can be found in the attachment. It is a fuzzed test image containing the qcow2 image header only. The suspected cause of the failure is the value of the 'size' header field, which is set to the maximum uint64 value.

  System information:
  qemu.git: 6baa963f4dcc2118
  Host: Linux 3.14.7-200.fc20.x86_64 #1 SMP Wed Jun 11 22:38:05 UTC 2014 x86_64 GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1332297/+subscriptions
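The header-only image described in the report can be screened before it ever reaches qemu-img. The following is an added example, not code from QEMU or from the bug thread: it decodes the fixed 72-byte qcow2 v2 header (layout from the public qcow2 specification) and checks whether the advertised 'size' is even representable as an L1 table, doing the arithmetic in Python's unbounded integers so a size of 2^64 - 1 cannot wrap. MAX_L1_BYTES is an assumed cap, build_header constructs sample headers for demonstration, and the hypothetical check_header/parse_header helpers are not a QEMU API.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
HEADER_FMT = ">4sIQIIQIIQQIIQ"          # the 13 fields of the 72-byte v2 header, big-endian
HEADER_LEN = struct.calcsize(HEADER_FMT)
FIELDS = ("magic", "version", "backing_file_offset", "backing_file_size",
          "cluster_bits", "size", "crypt_method", "l1_size", "l1_table_offset",
          "refcount_table_offset", "refcount_table_clusters", "nb_snapshots",
          "snapshots_offset")
MAX_L1_BYTES = 32 * 1024 * 1024        # assumed cap on the L1 table size (32 MiB)

def parse_header(buf):
    """Decode the fixed part of a qcow2 header into a dict of named fields."""
    if len(buf) < HEADER_LEN:
        raise ValueError("file too short for a qcow2 header")
    return dict(zip(FIELDS, struct.unpack_from(HEADER_FMT, buf)))

def check_header(hdr):
    """Return a list of problems; an empty list means the header is plausible."""
    problems = []
    if hdr["magic"] != QCOW2_MAGIC:
        problems.append("bad magic")
    if hdr["version"] not in (2, 3):
        problems.append("unsupported version %d" % hdr["version"])
    if not 9 <= hdr["cluster_bits"] <= 21:          # 512 B .. 2 MiB clusters
        problems.append("cluster_bits %d out of range" % hdr["cluster_bits"])
        return problems                            # the math below needs a sane cluster size
    cluster = 1 << hdr["cluster_bits"]
    l2_entries = cluster // 8                      # 8-byte L2 entries per L2 cluster
    per_l1 = cluster * l2_entries                  # guest bytes covered by one L1 entry
    # Ceil division on unbounded ints: exact even for size = 2**64 - 1, which is
    # precisely the value that overflows when the same formula is evaluated in C.
    need = (hdr["size"] + per_l1 - 1) // per_l1
    if need * 8 > MAX_L1_BYTES:
        problems.append("size %#x needs %d L1 entries, above the %d-entry cap"
                        % (hdr["size"], need, MAX_L1_BYTES // 8))
    elif hdr["l1_size"] < need:
        problems.append("l1_size %d too small for size (need %d)" % (hdr["l1_size"], need))
    return problems

def build_header(size, l1_size, cluster_bits=16):
    """Constructed 72-byte v2 header carrying only the fields this check looks at."""
    return struct.pack(HEADER_FMT, QCOW2_MAGIC, 2, 0, 0, cluster_bits, size, 0,
                       l1_size, 0x10000, 0x20000, 1, 0, 0)

if __name__ == "__main__":
    for label, raw in (("sane 64 MiB image", build_header(64 << 20, 1)),
                       ("size = UINT64_MAX", build_header((1 << 64) - 1, 1))):
        print(label, check_header(parse_header(raw)) or "ok")
```

To screen a real file, pass the first HEADER_LEN bytes of it to parse_header; a non-empty result is a reason to reject the image before running qemu-img check on it.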