qemu-devel.nongnu.org archive mirror
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Igor Mammedov <imammedo@redhat.com>
Subject: [Qemu-devel] [PULL 02/21] roms: assert if max rom size is less than the used size
Date: Wed, 15 May 2019 22:50:14 +0200
Message-ID: <1557953433-19663-3-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1557953433-19663-1-git-send-email-pbonzini@redhat.com>

From: Igor Mammedov <imammedo@redhat.com>

It would ensure that we notice an attempt to write beyond
the allocated buffer. In the case of a MemoryRegion-backed ROM it's
the host buffer, and the guest RAM otherwise.

The assert can be triggered with:
  dd if=/dev/zero of=/tmp/blob bs=63k count=1
  qemu-system-x86_64 `for  i in {1..33}; do echo -n " -acpitable /tmp/blob"; done`

Fixes: (a1666142db acpi-build: make ROMs RAM blocks resizeable)

Reported-by: Wei Yang <richardw.yang@linux.intel.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1554982098-336210-1-git-send-email-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/core/loader.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index fe5cb24..a097bbe 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1025,6 +1025,7 @@ MemoryRegion *rom_add_blob(const char *name, const void *blob, size_t len,
     rom->addr     = addr;
     rom->romsize  = max_len ? max_len : len;
     rom->datasize = len;
+    g_assert(rom->romsize >= rom->datasize);
     rom->data     = g_malloc0(rom->datasize);
     memcpy(rom->data, blob, len);
     rom_insert(rom);
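Review bot: the g_assert() added right after rom->datasize is set aborts the process with no diagnostic, yet the trigger given in the commit message is ordinary command-line input (enough -acpitable blobs to exceed the caller's max_len), so a user mistake now ends in an abort instead of an error; consider printing the rom name together with rom->romsize and rom->datasize (or returning a failure to the caller) before aborting. Also note that the check is vacuous when max_len is 0, because the preceding line sets rom->romsize = len and the assertion then cannot fail; that is the intended behaviour, but a short comment would save the next reader from looking for the 0 case.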
-- 
1.8.3.1


Thread overview: 34+ messages
2019-05-15 20:50 [Qemu-devel] [PULL 00/21] Misc patches for 2019-05-15 Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 01/21] hw/input: Add a CONFIG_PS2 switch for the ps2.c file Paolo Bonzini
2019-05-15 20:50 ` Paolo Bonzini [this message]
2019-05-16 12:40   ` [Qemu-devel] [PULL 02/21] roms: assert if max rom size is less than the used size Thomas Huth
2019-05-15 20:50 ` [Qemu-devel] [PULL 03/21] Declare -realtime as deprecated Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 04/21] vl: Add missing descriptions to the VGA adapters list Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 05/21] megasas: fix mapped frame size Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 06/21] hvf: Add missing break statement Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 07/21] vl: fix -sandbox parsing crash when seccomp support is disabled Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 08/21] memory: correct the comment to DIRTY_MEMORY_MIGRATION Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 09/21] hw/acpi/piix4: Move TYPE_PIIX4_PM to a public header Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 10/21] hw/i386/acpi: Add object_resolve_type_unambiguous to improve modularity Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 11/21] hw/i386/acpi: Assert a pointer is not null BEFORE using it Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 12/21] mips-fulong2e: obey -vga none Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 13/21] sun4m: " Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 14/21] trace: only include trace-event-subdirs when they are needed Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 15/21] build: replace GENERATED_FILES by generated-files-y Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 16/21] configure: qemu-ga is only needed with softmmu targets Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 17/21] build: chardev is only needed for " Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 18/21] build: don't build hardware objects with linux-user Paolo Bonzini
2019-05-21 11:52   ` Daniel P. Berrangé
2019-05-21 12:52     ` Laurent Vivier
2019-05-21 12:54       ` Daniel P. Berrangé
2019-05-21 20:16         ` Laurent Vivier
2019-07-04 13:09           ` Philippe Mathieu-Daudé
2019-05-15 20:50 ` [Qemu-devel] [PULL 19/21] ioapic: allow buggy guests mishandling level-triggered interrupts to make progress Paolo Bonzini
2019-07-04 12:57   ` Marc-André Lureau
2019-07-04 13:00     ` Li Qiang
2019-07-04 13:05       ` Marc-André Lureau
2019-07-04 13:13         ` Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 20/21] hw/char: Move multi-serial devices into separate file Paolo Bonzini
2019-05-15 20:50 ` [Qemu-devel] [PULL 21/21] hw/net/ne2000: Extract the PCI device from the chipset common code Paolo Bonzini
2019-05-16 12:14 ` [Qemu-devel] [PULL 00/21] Misc patches for 2019-05-15 Peter Maydell
2019-05-16 17:58   ` Paolo Bonzini
