Message-ID: <49883911.5040008@exactcode.de>
Date: Tue, 03 Feb 2009 13:31:13 +0100
From: Rene Rebe
Subject: Re: [Qemu-devel] [PATCH] fix loading tiny kernels
References: <49880773.5000203@exactcode.de> <49880902.20700@exactcode.de> <20090203103013.GC8886@redhat.com>
To: qemu-devel@nongnu.org
Cc: Alexander Graf

Alexander Graf wrote:
>
> On 03.02.2009, at 11:30, Daniel P. Berrange wrote:
>
>> On Tue, Feb 03, 2009 at 10:06:10AM +0100, René Rebe wrote:
>>> I babbled:
>>>> Further testing / polishing the multi-boot kernel loading support I
>>>> found
>>>> the existing code fails to load unusual small kernels, less than 8192
>>>> bytes -
>>>> for example the example multi-boot kernel shipped within GRUB that
>>>> compiles to just 7121 bytes on my system.
>>>>
>>>> Signed-off-by: René Rebe
>>>>
>>>> --- hw/pc.c (revision 6501)
>>>> +++ hw/pc.c (working copy)
>>>> @@ -554,7 +989,7 @@
>>>> /* load the kernel header */
>>>> f = fopen(kernel_filename, "rb");
>>>> if (!f || !(kernel_size = get_file_size(f)) ||
>>>> - fread(header, 1, 1024, f) != 1024) {
>>>> + fread(header, 1, MIN(8192, kernel_size), f) != MIN(8192,
>>>> kernel_size)) {
>>>> fprintf(stderr, "qemu: could not load kernel '%s'\n",
>>>> kernel_filename);
>>>> exit(1);
>>>>
>>> Ah, sorry - mix in the series. This only applies to the multi-boot
>>> series
>>> which increases the header read to 8192 bytes.
>>
>> Regardless, this code should not hardcode the size like this. It should
>> use sizeof(header) instead of 1024 or 8192, thus avoiding the potential
>> bug.
>
> You don't really know sizeof(header), do you? Header could be the Linux
> header or the Multiboot header which is by definition allowed to sit
> somewhere within the first 8192 bytes.

Maybe he meant just sizeof(header) to avoid letting future changes of the
code let the definition and code get out of sync if the header size to be
read is changed again.

--
René Rebe - ExactCODE GmbH - Europe, Germany, Berlin
http://exactcode.de | http://t2-project.org | http://rene.rebe.name
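Review bot: the added `+` line writes the 8192 limit twice and nothing in the hunk ties it to the real size of `header`, so a later change to the array (the multi-boot series itself already moved it from 1024 to 8192) silently turns this into an overflow of `header`; if `header` is a fixed array, `MIN(sizeof(header), kernel_size)` computed once into a local and used in both the `fread` call and the comparison keeps the read bounded by the buffer. A second consequence of the same line: for an image shorter than 8192 bytes the check now passes after a short read, so whatever parses `header` afterwards must confine itself to the first `kernel_size` bytes, or `header` must be zeroed before the `fread`, otherwise the tail of the buffer is uninitialized. Also, the hunk header `@@ -554,7 +989,7 @@` shows the patch was generated against the multi-boot tree rather than the revision 6501 named in the `---` line, so it will not apply to trunk as posted, which the follow-up below acknowledges.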
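The points argued in this thread (bound the read by the buffer rather than a literal, accept a short read for a tiny image, and only then look for the Multiboot header, which the spec requires to be 32-bit aligned and within the first 8192 bytes) are easier to see in one piece of code. The following C program is an added example written for this page; it is not QEMU's hw/pc.c and not code from anyone in the thread. The function names, the `probe_tiny_kernel` self-check and the constructed images it writes to a temporary file are assumptions made for illustration: the images are filler bytes with a hand-built header, not real kernels, and the 7121-byte size is only borrowed from the GRUB example kernel mentioned above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Multiboot (v1) facts from the spec: the header is 32-bit aligned, lies
 * within the first 8192 bytes of the image, and magic+flags+checksum wraps
 * to zero in 32-bit arithmetic. */
#define MULTIBOOT_MAGIC  0x1BADB002u
#define MULTIBOOT_SEARCH 8192u

/* The header is little-endian on disk; decode explicitly instead of casting
 * so the scan is correct on any host. */
static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Read up to buf_size bytes of the image. A short read caused by EOF is not
 * an error (that is the tiny-kernel case); only a zero-length read or a
 * stream error is. The buffer is zeroed first so code that later inspects
 * fixed offsets never reads uninitialized memory when the file is shorter
 * than the buffer. Returns the number of bytes read, 0 on failure. */
size_t read_kernel_header(FILE *f, uint8_t *buf, size_t buf_size)
{
    memset(buf, 0, buf_size);
    size_t n = fread(buf, 1, buf_size, f);
    if (n == 0 || ferror(f))
        return 0;
    return n;
}

/* Scan buf[0..len) for a valid Multiboot header. Only the bytes actually
 * read are scanned, and never beyond MULTIBOOT_SEARCH. Returns the header
 * offset, or -1 if none is found. */
long find_multiboot_header(const uint8_t *buf, size_t len)
{
    size_t limit = len < MULTIBOOT_SEARCH ? len : MULTIBOOT_SEARCH;
    for (size_t off = 0; off + 12 <= limit; off += 4) {
        if (get_le32(buf + off) != MULTIBOOT_MAGIC)
            continue;
        uint32_t flags = get_le32(buf + off + 4);
        uint32_t checksum = get_le32(buf + off + 8);
        if ((uint32_t)(MULTIBOOT_MAGIC + flags + checksum) == 0)
            return (long)off;
    }
    return -1;
}

/* Self-check on a constructed image (assumption: filler bytes plus a
 * hand-built header at hdr_off, not a real kernel). The image is written to
 * a temporary file and read back with the bounded read above. Returns the
 * offset found, -1 if no header was found, -2 on an I/O or argument error. */
long probe_tiny_kernel(size_t image_size, size_t hdr_off)
{
    uint8_t header[8192];               /* the only place the size is stated */
    if (hdr_off + 12 > image_size)
        return -2;
    uint8_t *img = malloc(image_size);
    FILE *f = tmpfile();
    if (!img || !f) {
        free(img);
        if (f) fclose(f);
        return -2;
    }
    memset(img, 0x90, image_size);                  /* filler, never the magic */
    put_le32(img + hdr_off, MULTIBOOT_MAGIC);
    put_le32(img + hdr_off + 4, 0);                 /* flags */
    put_le32(img + hdr_off + 8, 0u - MULTIBOOT_MAGIC); /* checksum: sum wraps to 0 */
    fwrite(img, 1, image_size, f);
    free(img);
    rewind(f);
    size_t n = read_kernel_header(f, header, sizeof header);
    fclose(f);
    if (n == 0)
        return -2;
    return find_multiboot_header(header, n);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <kernel-image>\n", argv[0]);
        return 1;
    }
    uint8_t header[8192];
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 1; }
    size_t n = read_kernel_header(f, header, sizeof header);
    fclose(f);
    if (n == 0) {
        fprintf(stderr, "could not load kernel '%s'\n", argv[1]);
        return 1;
    }
    long off = find_multiboot_header(header, n);
    printf("%zu header bytes read, multiboot header %s\n", n,
           off < 0 ? "not found" : "found");
    if (off >= 0)
        printf("  at offset %ld\n", off);
    return 0;
}
```

`sizeof header` is what the array declaration says it is, so resizing the buffer cannot desynchronize the read from it, which is the sizeof(header) argument in the thread; the Multiboot objection is answered by the separate scan, which respects the spec's 8192-byte window independently of how much was read. Note that a header placed at or beyond offset 8192 is correctly not found even in a large image.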