From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:56596) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RoSQS-0007eQ-0e for qemu-devel@nongnu.org; Fri, 20 Jan 2012 23:19:37 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RoSQA-0001Sw-FQ for qemu-devel@nongnu.org; Fri, 20 Jan 2012 23:19:30 -0500 From: Alexander Graf Date: Sat, 21 Jan 2012 05:19:00 +0100 Message-Id: <1327119551-29674-16-git-send-email-agraf@suse.de> In-Reply-To: <1327119551-29674-1-git-send-email-agraf@suse.de> References: <1327119551-29674-1-git-send-email-agraf@suse.de> Subject: [Qemu-devel] [PATCH 15/26] load_image_targphys() should enforce the max size List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-ppc@nongnu.org Cc: qemu-devel Developers , Blue Swirl , Aurelien Jarno , David Gibson From: Benjamin Herrenschmidt load_image_targphys() gets passed a max size for the file, but doesn't enforce it at all. Add a check and return -1 (error) if the file is too big, without loading it. Fix the bracing style in the function while we're at it. Signed-off-by: Benjamin Herrenschmidt Signed-off-by: David Gibson Signed-off-by: Alexander Graf --- hw/loader.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/hw/loader.c b/hw/loader.c index 446b628..415cdce 100644 --- a/hw/loader.c +++ b/hw/loader.c @@ -108,8 +108,12 @@ int load_image_targphys(const char *filename, int size; size = get_image_size(filename); - if (size > 0) + if (size > max_sz) { + return -1; + } + if (size > 0) { rom_add_file_fixed(filename, addr, -1); + } return size; } -- 1.6.0.2
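Review bot: the new `size > max_sz` check bounds the value returned by `get_image_size(filename)`, but the load itself is still the unchanged `rom_add_file_fixed(filename, addr, -1);` call, which opens the file by name a second time and whose return value is discarded. The limit is therefore enforced on an earlier measurement rather than on the bytes actually placed at `addr`, and the function still returns `size` as success if the ROM registration fails. Consider checking the result of `rom_add_file_fixed()` and returning -1 on failure. The type of `max_sz` is not visible in this hunk: if it is unsigned or wider than `int`, the comparison against the signed `size` converts a negative error value from `get_image_size()` into a large positive one, so it is worth testing `size < 0` first so the comparison does not depend on that conversion. Finally, returning -1 for an oversized image makes it indistinguishable from an unreadable file for callers, which could be stated in a comment above the function.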