From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:52559)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1RkrX1-00035k-NB
	for qemu-devel@nongnu.org; Wed, 11 Jan 2012 01:19:32 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1RkrX0-00050b-LT
	for qemu-devel@nongnu.org; Wed, 11 Jan 2012 01:19:31 -0500
Received: from v220110690675601.yourvserver.net ([78.47.199.172]:41136)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1RkrX0-00050V-Fe
	for qemu-devel@nongnu.org; Wed, 11 Jan 2012 01:19:30 -0500
Message-ID: <4F0D29D4.4010604@weilnetz.de>
Date: Wed, 11 Jan 2012 07:19:00 +0100
From: Stefan Weil <sw@weilnetz.de>
MIME-Version: 1.0
References: <1326260692-7272-1-git-send-email-david@gibson.dropbear.id.au>
	<1326260692-7272-2-git-send-email-david@gibson.dropbear.id.au>
In-Reply-To: <1326260692-7272-2-git-send-email-david@gibson.dropbear.id.au>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 1/4] load_image_targphys() should enforce
 the	max size
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: agraf@suse.de, qemu-devel@nongnu.org

Am 11.01.2012 06:44, schrieb David Gibson:
> From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
>
> load_image_targphys() gets passed a max size for the file, but
> doesn't enforce it at all. Add a check and return -1 (error) if
> the file is too big, without loading it.
>
> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
> hw/loader.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/hw/loader.c b/hw/loader.c
> index 446b628..7ad9e22 100644
> --- a/hw/loader.c
> +++ b/hw/loader.c
> @@ -108,6 +108,8 @@ int load_image_targphys(const char *filename,
> int size;
>
> size = get_image_size(filename);
> + if (size > max_sz)
> + return -1;
> if (size > 0)
> rom_add_file_fixed(filename, addr, -1);
> return size;

Even if this file is full of block statements without braces,
we should not add more of them. See CODING_STYLE and
scripts/checkpatch.pl.

There remains an additional problem:
Using 'int' for the size of files was sufficient 10 years ago,
but it is that no longer. get_image_size() silently reduced the
return value from lseek() to an 'int' value. So even with your
patch, very large files will be loaded (partially)!

Regards,
Stefan Weil