From: Rene Rebe <rene@exactcode.de>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Alexander Graf <agraf@suse.de>
Subject: Re: [Qemu-devel] [PATCH] fix loading tiny kernels
Date: Tue, 03 Feb 2009 15:02:51 +0100	[thread overview]
Message-ID: <49884E8B.6010106@exactcode.de> (raw)
In-Reply-To: <20090203133025.GC15613@redhat.com>

Daniel P. Berrange wrote:
> On Tue, Feb 03, 2009 at 12:09:42PM +0100, Alexander Graf wrote:
>> On 03.02.2009, at 11:30, Daniel P. Berrange wrote:
>>
>>> On Tue, Feb 03, 2009 at 10:06:10AM +0100, René Rebe wrote:
>>>> I babbled:
>>>>> Further testing / polishing the multi-boot kernel loading support I found
>>>>> the existing code fails to load unusually small kernels, less than 8192
>>>>> bytes - for example the example multi-boot kernel shipped within GRUB that
>>>>> compiles to just 7121 bytes on my system.
>>>>>
>>>>> Signed-off-by: René Rebe <rene@exactcode.de>
>>>>>
>>>>> --- hw/pc.c     (revision 6501)
>>>>> +++ hw/pc.c     (working copy)
>>>>> @@ -554,7 +989,7 @@
>>>>>  /* load the kernel header */
>>>>>  f = fopen(kernel_filename, "rb");
>>>>>  if (!f || !(kernel_size = get_file_size(f)) ||
>>>>> -    fread(header, 1, 1024, f) != 1024) {
>>>>> +    fread(header, 1, MIN(8192, kernel_size), f) != MIN(8192,
>>>>> kernel_size)) {
>>>>>  fprintf(stderr, "qemu: could not load kernel '%s'\n",
>>>>>      kernel_filename);
>>>>>  exit(1);
>>>>>
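Review bot: the read length in `fread(header, 1, MIN(8192, kernel_size), f)` is still a literal that has to be kept in sync with the declared size of `header` by hand; use the array's own size (`sizeof(header)` or `ARRAY_SIZE(header)`) for the read so that a later change to the buffer declaration cannot turn this into a stack overflow. Separately, for kernels smaller than 8192 bytes the buffer is now only partially filled, so any later scan for a Multiboot header over the full buffer must be bounded by the count `fread()` actually returned (or the buffer zeroed first), otherwise it reads uninitialised stack contents. The `@@ -554,7 +989,7 @@` line numbers also do not correspond, consistent with this hunk having been lifted from a larger series and not applying on its own.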
>>>> Ah, sorry - mix in the series. This only applies to the multi-boot
>>>> series which increases the header read to 8192 bytes.
>>> Regardless, this code should not hardcode the size like this. It
>>> should use sizeof(header) instead of 1024 or 8192, thus avoiding the
>>> potential bug.
>> You don't really know sizeof(header), do you? Header could be the
>> Linux header or the Multiboot header which is by definition allowed to
>> sit somewhere within the first 8192 bytes.
> 
> I meant in terms of making sure we didn't overflow the header variable
> which is allocated on the stack. So instead of
> 
>     uint8_t header[1024];
>     ...
>     fread(header, 1, 1024, f);
> 
> You'd have
> 
>     uint8_t header[1024];
>     ...
>     fread(header, 1, sizeof(header), f);
> 
> Daniel

Just preventing this in case it's changed in the future and
one place is forgotten.

I already changed the code to use the ARRAY_SIZE macro in my
working copy:

   http://svn.exactcode.de/t2/trunk/package/emulators/kvm/09-qemu-multiboot.patch

-- 
   René Rebe - ExactCODE GmbH - Europe, Germany, Berlin
   http://exactcode.de | http://t2-project.org | http://rene.rebe.name
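The buffer-size discipline Daniel describes, together with the tiny-kernel case René reports, as an added C example that is not QEMU's hw/pc.c and not code from anyone in this thread. The function names (read_kernel_header, find_multiboot_magic, probe_image, make_image, probe_sample), the 8192-byte buffer, the temporary-file helper and the sample images are all constructed for illustration; the Multiboot 1 magic value 0x1BADB002 is the real one from the specification. The read length is taken from the array itself, a short read on a small kernel is accepted rather than rejected, the unread tail is zeroed, and the header scan is bounded by the bytes actually read.

```c
/* Added example, not QEMU code: read a kernel header into a fixed-size
 * stack buffer sized from the array itself, accept kernels smaller than
 * the buffer, and bound any later header scan by the bytes actually read.
 * All function names below are hypothetical, not QEMU identifiers. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define HEADER_BUF_SIZE 8192                       /* Multiboot search window */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define MULTIBOOT_MAGIC 0x1BADB002u                /* Multiboot 1 header magic */

/* Read up to header_len bytes from f.  The caller passes the array's own
 * size, so the read length cannot drift from the buffer length.  Unread
 * bytes are zeroed so a later scan never sees uninitialised stack data.
 * Returns bytes read; 0 means I/O error or empty file.  A short read is
 * NOT an error: that is exactly the tiny-kernel case from the thread. */
static size_t read_kernel_header(FILE *f, uint8_t *header, size_t header_len)
{
    size_t n;
    if (!f || !header) return 0;
    memset(header, 0, header_len);
    n = fread(header, 1, header_len, f);
    if (n < header_len && ferror(f)) return 0;   /* real error, not just EOF */
    return n;
}

/* Scan only the n bytes that were read, at 4-byte aligned offsets, for the
 * little-endian Multiboot magic.  Returns the offset or -1 if absent. */
static long find_multiboot_magic(const uint8_t *header, size_t n)
{
    size_t off;
    for (off = 0; off + 4 <= n; off += 4) {
        uint32_t v = (uint32_t)header[off]
                   | ((uint32_t)header[off + 1] << 8)
                   | ((uint32_t)header[off + 2] << 16)
                   | ((uint32_t)header[off + 3] << 24);
        if (v == MULTIBOOT_MAGIC) return (long)off;
    }
    return -1;
}

/* Write an in-memory image to a temporary file (so the real fread() path
 * runs), load its header, and report the magic offset: -1 if absent,
 * -2 if the header could not be read at all. */
static long probe_image(const uint8_t *image, size_t image_len)
{
    uint8_t header[HEADER_BUF_SIZE];
    FILE *f = tmpfile();
    size_t n;
    if (!f) return -2;
    if (image_len && fwrite(image, 1, image_len, f) != image_len) {
        fclose(f);
        return -2;
    }
    rewind(f);
    n = read_kernel_header(f, header, ARRAY_SIZE(header));
    fclose(f);
    if (n == 0) return -2;
    return find_multiboot_magic(header, n);
}

/* Constructed sample image: kernel_len bytes of filler with the magic at
 * magic_off (none if magic_off < 0 or it does not fit).  Caller frees. */
static uint8_t *make_image(size_t kernel_len, long magic_off)
{
    uint8_t *img = calloc(kernel_len ? kernel_len : 1, 1);
    size_t i;
    if (!img) return NULL;
    for (i = 0; i < kernel_len; i++) img[i] = (uint8_t)(i * 7 + 3);
    if (magic_off >= 0 && (size_t)magic_off + 4 <= kernel_len) {
        img[magic_off] = 0x02; img[magic_off + 1] = 0xB0;
        img[magic_off + 2] = 0xAD; img[magic_off + 3] = 0x1B;
    }
    return img;
}

/* Build, probe and free a sample image in one call. */
static long probe_sample(size_t kernel_len, long magic_off)
{
    uint8_t *img = make_image(kernel_len, magic_off);
    long r;
    if (!img) return -2;
    r = probe_image(img, kernel_len);
    free(img);
    return r;
}

int main(void)
{
    /* 7121-byte image mirrors the GRUB sample kernel size from the thread */
    printf("tiny kernel, magic at 7116: %ld\n", probe_sample(7121, 7116));
    printf("big kernel, magic at 8192:  %ld\n", probe_sample(20000, 8192));
    printf("empty file:                 %ld\n", probe_sample(0, -1));
    return 0;
}
```

The 20000-byte image with its magic at offset 8192 is reported as having no header: the buffer is 8192 bytes and the scan stops at the last aligned slot that fits, which is the behaviour the Multiboot rule about the first 8192 bytes requires. An empty file is still rejected, as the original `!(kernel_size = get_file_size(f))` check does, while a 7121-byte file is loaded and scanned over only the 7121 bytes that were read.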


Thread overview: 9+ messages
2009-02-03  8:59 [Qemu-devel] [PATCH] fix loading tiny kernels René Rebe
2009-02-03  9:05 ` Laurent Desnogues
2009-02-03  9:06 ` René Rebe
2009-02-03 10:30   ` Daniel P. Berrange
2009-02-03 11:09     ` Alexander Graf
2009-02-03 12:31       ` Rene Rebe
2009-02-03 12:33         ` Alexander Graf
2009-02-03 13:30       ` Daniel P. Berrange
2009-02-03 14:02         ` Rene Rebe [this message]
