From: "Daniel P. Berrange" <berrange@redhat.com>
To: Alexander Graf <agraf@suse.de>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] fix loading tiny kernels
Date: Tue, 3 Feb 2009 13:30:25 +0000
Message-ID: <20090203133025.GC15613@redhat.com>
In-Reply-To: <D8169A5B-DC2C-4246-8492-ABD21EB4B998@suse.de>
On Tue, Feb 03, 2009 at 12:09:42PM +0100, Alexander Graf wrote:
>
> On 03.02.2009, at 11:30, Daniel P. Berrange wrote:
>
> >On Tue, Feb 03, 2009 at 10:06:10AM +0100, René Rebe wrote:
> >>I babbled:
> >>>Further testing / polishing the multi-boot kernel loading support
> >>>I found
> >>>the existing code fails to load unusual small kernels, less than
> >>>8192
> >>>bytes -
> >>>for example the example multi-boot kernel shipped within GRUB that
> >>>compiles to just 7121 bytes on my system.
> >>>
> >>>Signed-off-by: René Rebe <rene@exactcode.de>
> >>>
> >>>--- hw/pc.c (revision 6501)
> >>>+++ hw/pc.c (working copy)
> >>>@@ -554,7 +989,7 @@
> >>> /* load the kernel header */
> >>> f = fopen(kernel_filename, "rb");
> >>> if (!f || !(kernel_size = get_file_size(f)) ||
> >>>- fread(header, 1, 1024, f) != 1024) {
> >>>+ fread(header, 1, MIN(8192, kernel_size), f) != MIN(8192,
> >>>kernel_size)) {
> >>> fprintf(stderr, "qemu: could not load kernel '%s'\n",
> >>> kernel_filename);
> >>> exit(1);
> >>>
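Review bot: the new read length in `fread(header, 1, MIN(8192, kernel_size), f)` is bounded by the literal 8192 and by the file size, but not by the actual size of the `header` buffer, which this hunk does not show; unless `header` is declared with at least 8192 bytes this is a stack buffer overflow, so derive the bound from the buffer (`MIN(sizeof(header), kernel_size)`) instead of repeating the constant. Because a kernel shorter than the buffer now passes this check, whatever parses `header` afterwards must also respect `kernel_size`, since the bytes past the end of a short kernel are left uninitialized. Separately, the `@@ -554,7 +989,7 @@` offsets indicate the diff was generated on top of the multi-boot series rather than against revision 6501 as the `---` line states, so it does not apply on its own.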
> >>Ah, sorry - mix in the series. This only applies to the multi-boot
> >>series
> >>which increases the header read to 8192 bytes.
> >
> >Regardless, this code should not hardcode the size like this. It
> >should
> >use sizeof(header) instead of 1024 or 8192, thus avoiding the
> >potential
> >bug.
>
> You don't really know sizeof(header), do you? Header could be the
> Linux header or the Multiboot header which is by definition allowed to
> sit somewhere within the first 8192 bytes.
I meant in terms of making sure we didn't overflow the header variable
which is allocated on the stack. So instead of

    uint8_t header[1024];
    ...
    fread(header, 1, 1024, f);

You'd have

    uint8_t header[1024];
    ...
    fread(header, 1, sizeof(header), f);
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
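As an added example, not code from the patch or from QEMU's hw/pc.c, the sizeof-bounded read Daniel describes, carried through to the tiny-kernel case the patch targets: the read length is the smaller of the buffer size and the file size, so a 7121-byte kernel loads while the buffer can never be overrun. The 8192-byte buffer, the helper names and the constructed test image are assumptions.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Assumed buffer size, matching the 8192 bytes the multi-boot series reads. */
#define HEADER_BUF_SIZE 8192

/* Stand-in for get_file_size(): size of f in bytes, position reset to start. */
static long header_file_size(FILE *f) {
    long size;
    if (fseek(f, 0, SEEK_END) != 0) return -1;
    size = ftell(f);
    if (size < 0) return -1;
    if (fseek(f, 0, SEEK_SET) != 0) return -1;
    return size;
}

/* Read the kernel header into header[], bounded by the caller's buffer
   capacity (pass sizeof(header)) and by the file size. A kernel shorter
   than the buffer is accepted; a buffer smaller than any literal read
   size cannot be overrun. Returns bytes read, or 0 on any error. */
static size_t read_kernel_header(FILE *f, uint8_t *header, size_t header_cap,
                                 long *kernel_size_out) {
    long kernel_size;
    size_t want;
    if (!f) return 0;
    kernel_size = header_file_size(f);
    if (kernel_size <= 0) return 0;               /* empty or unreadable */
    want = (size_t)kernel_size < header_cap ? (size_t)kernel_size : header_cap;
    memset(header, 0, header_cap);                /* no stale stack bytes past EOF */
    if (fread(header, 1, want, f) != want) return 0;
    if (kernel_size_out) *kernel_size_out = kernel_size;
    return want;
}

/* Constructed kernel image for testing: a tmpfile of `size` bytes. */
static FILE *make_fake_kernel(size_t size) {
    FILE *f = tmpfile();
    size_t i;
    if (!f) return NULL;
    for (i = 0; i < size; i++) fputc((int)(i & 0xff), f);
    rewind(f);
    return f;
}

/* Load a fake kernel of `size` bytes into a stack buffer; return bytes read. */
static size_t try_load(size_t size) {
    uint8_t header[HEADER_BUF_SIZE];
    long ks = 0;
    FILE *f = make_fake_kernel(size);
    size_t n = read_kernel_header(f, header, sizeof(header), &ks);
    if (f) fclose(f);
    return n;
}
```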
Thread overview: 9+ messages
2009-02-03 8:59 [Qemu-devel] [PATCH] fix loading tiny kernels René Rebe
2009-02-03 9:05 ` Laurent Desnogues
2009-02-03 9:06 ` René Rebe
2009-02-03 10:30 ` Daniel P. Berrange
2009-02-03 11:09 ` Alexander Graf
2009-02-03 12:31 ` Rene Rebe
2009-02-03 12:33 ` Alexander Graf
2009-02-03 13:30 ` Daniel P. Berrange [this message]
2009-02-03 14:02 ` Rene Rebe