* [Qemu-devel] [PATCH] pc: check for underflow in load_linux
@ 2015-09-14 10:07 Paolo Bonzini
2015-09-16 11:02 ` Michael Tokarev
0 siblings, 1 reply; 2+ messages in thread
From: Paolo Bonzini @ 2015-09-14 10:07 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial
If (setup_size+1)*512 is small enough, kernel_size -= setup_size can allocate
a huge amount of memory. Avoid that.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/pc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 56aecce..6a312bd 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -986,6 +986,10 @@ static void load_linux(PCMachineState *pcms,
setup_size = 4;
}
setup_size = (setup_size+1)*512;
+ if (setup_size > kernel_size) {
+ fprintf(stderr, "qemu: invalid kernel header\n");
+ exit(1);
+ }
kernel_size -= setup_size;
setup = g_malloc(setup_size);
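Review bot: the new check `if (setup_size > kernel_size)` still lets `setup_size == kernel_size` through, which leaves `kernel_size` at zero after `kernel_size -= setup_size`, i.e. an image that consists entirely of setup sectors with no protected-mode payload; `>=` would reject that degenerate header with the same "invalid kernel header" message. It would also help diagnosis of a truncated or corrupt image to include the two sizes in the message, e.g. `"qemu: invalid kernel header (setup %d bytes, image %d bytes)\n"`. Separately, the commit message says the subtraction "can allocate a huge amount of memory"; the subtraction itself allocates nothing, it is the later use of the wrapped `kernel_size` (outside this hunk) that does, and saying so makes the rationale for the check clearer.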
--
2.5.0
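The failure mode the patch closes, as an added stand-alone example (not QEMU code and not the patch itself): a small C routine that reads the `setup_sects` byte at offset 0x1f1 of an x86 boot image, applies the same "0 means 4" default seen in the hunk, and refuses to subtract the setup block from the image size unless the image actually contains it. It uses `size_t` arithmetic so that the wraparound is visible in the unchecked variant; the variable types in `pc.c` are not assumed. The image buffers are constructed in memory, not real kernels.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Offset of setup_sects in the Linux x86 boot header (boot protocol). */
#define SETUP_SECTS_OFFSET 0x1f1

/* Split an image into real-mode setup block and protected-mode payload.
 * Mirrors the computation in the hunk, with the bounds check done
 * before the subtraction. Returns 0 on success, -1 if the header claims
 * more setup data than the image contains (or the header is missing). */
int split_kernel_image(const uint8_t *image, size_t kernel_size,
                       size_t *setup_size_out, size_t *payload_size_out)
{
    if (kernel_size <= SETUP_SECTS_OFFSET) {
        return -1;                          /* no header byte to read */
    }
    size_t setup_sects = image[SETUP_SECTS_OFFSET];
    if (setup_sects == 0) {
        setup_sects = 4;                    /* boot protocol default */
    }
    size_t setup_size = (setup_sects + 1) * 512;
    if (setup_size > kernel_size) {
        return -1;                          /* the check the patch adds */
    }
    *setup_size_out = setup_size;
    *payload_size_out = kernel_size - setup_size;
    return 0;
}

/* The unchecked computation, kept only to show what the check prevents:
 * with unsigned sizes the result wraps to a value far larger than the
 * image, and anything that allocates or reads that many bytes misbehaves. */
size_t unchecked_payload_size(size_t setup_sects, size_t kernel_size)
{
    if (setup_sects == 0) {
        setup_sects = 4;
    }
    return kernel_size - (setup_sects + 1) * 512;
}

/* Build a constructed image of image_len bytes carrying the given
 * setup_sects byte and run it through split_kernel_image().
 * Returns the payload size, or (size_t)-1 if the image was rejected. */
size_t demo_payload_size(uint8_t setup_sects, size_t image_len)
{
    static uint8_t image[8192];
    size_t setup, payload;
    if (image_len > sizeof image) {
        return (size_t)-1;
    }
    memset(image, 0, sizeof image);
    image[SETUP_SECTS_OFFSET] = setup_sects;
    if (split_kernel_image(image, image_len, &setup, &payload) != 0) {
        return (size_t)-1;
    }
    return payload;
}

int main(void)
{
    /* Sane header: 2 setup sectors -> 1536 bytes of setup, rest is payload. */
    printf("setup_sects=2,   4096-byte image -> payload %zu\n",
           demo_payload_size(2, 4096));
    /* Header claims 255 setup sectors (131072 bytes) in a 4096-byte image. */
    printf("setup_sects=255, 4096-byte image -> rejected? %s\n",
           demo_payload_size(255, 4096) == (size_t)-1 ? "yes" : "no");
    printf("unchecked arithmetic for the same header -> %zu bytes\n",
           unchecked_payload_size(255, 4096));
    return 0;
}
```

The `setup_sects == 7` case in the checks below is the boundary the patch's `>` comparison accepts: 8 sectors of 512 bytes fill a 4096-byte image exactly, so the routine returns a zero-length payload rather than an error.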
* Re: [Qemu-devel] [PATCH] pc: check for underflow in load_linux
2015-09-14 10:07 [Qemu-devel] [PATCH] pc: check for underflow in load_linux Paolo Bonzini
@ 2015-09-16 11:02 ` Michael Tokarev
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tokarev @ 2015-09-16 11:02 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel; +Cc: qemu-trivial
14.09.2015 13:07, Paolo Bonzini wrote:
> If (setup_size+1)*512 is small enough, kernel_size -= setup_size can allocate
> a huge amount of memory. Avoid that.
Applied to -trivial, thanks!
/mjt