qemu-devel.nongnu.org archive mirror
From: "Cédric Le Goater" <clg@kaod.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: "Peter Crosthwaite" <crosthwaite.peter@gmail.com>,
	qemu-arm@nongnu.org, qemu-devel@nongnu.org,
	"Cédric Le Goater" <clg@kaod.org>
Subject: [Qemu-devel] [PATCH 1/4] aspeed: check for negative values returned by blk_getlength()
Date: Thu,  9 Feb 2017 14:47:35 +0100
Message-ID: <1486648058-520-2-git-send-email-clg@kaod.org>
In-Reply-To: <1486648058-520-1-git-send-email-clg@kaod.org>

write_boot_rom() does not check for negative values. This is more a
problem for coverity than the actual code as the size of the flash
device is checked when the m25p80 object is created. If there is
anything wrong with the backing file, we should not even reach that
path.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
---
 hw/arm/aspeed.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index a92c2f1c362b..ac9cbd66b72a 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -113,9 +113,19 @@ static void write_boot_rom(DriveInfo *dinfo, hwaddr addr, size_t rom_size,
 {
     BlockBackend *blk = blk_by_legacy_dinfo(dinfo);
     uint8_t *storage;
+    int64_t size;
 
-    if (rom_size > blk_getlength(blk)) {
-        rom_size = blk_getlength(blk);
+    /* The block backend size should have already been 'validated' by
+     * the creation of the m25p80 object.
+     */
+    size = blk_getlength(blk);
+    if (size <= 0) {
+        error_setg(errp, "failed to get flash size");
+        return;
+    }
+
+    if (rom_size > size) {
+        rom_size = size;
     }
 
     storage = g_new0(uint8_t, rom_size);
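
Review bot: the `if (size <= 0)` branch reports a negative return from blk_getlength() and a zero-length backend with the same "failed to get flash size" text, so the error code carried in a negative return is lost. Consider handling `size < 0` with `error_setg_errno(errp, -size, "failed to get flash size")` and giving the zero-length case its own message, since an empty backing file is a different fault from a failed length query. The comparison `rom_size > size` mixes size_t with int64_t and is only well behaved because the positive-size check precedes it; a short note in the comment saying so would keep a later reorder from reintroducing the signed/unsigned problem this patch removes. The comment's quoted 'validated' also leaves open what the m25p80 creation actually guarantees; stating the guarantee plainly would help the next reader.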
-- 
2.7.4
