[Qemu-devel] [PULL 07/19] pc: check for underflow in load_linux
From: Michael Tokarev
Subject: [Qemu-devel] [PULL 07/19] pc: check for underflow in load_linux
Date: Thu, 8 Oct 2015 19:52:16 +0300
From: Paolo Bonzini <address@hidden>
If (setup_size+1)*512 is small enough, kernel_size -= setup_size can allocate
a huge amount of memory. Avoid that.
Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
---
hw/i386/pc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 9275297..682867a 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -985,6 +985,10 @@ static void load_linux(PCMachineState *pcms,
setup_size = 4;
}
setup_size = (setup_size+1)*512;
+ if (setup_size > kernel_size) {
+ fprintf(stderr, "qemu: invalid kernel header\n");
+ exit(1);
+ }
kernel_size -= setup_size;
setup = g_malloc(setup_size);
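Review bot: the guard uses a strict `>`, so an image with `setup_size == kernel_size` passes the check and leaves `kernel_size` at 0 after `kernel_size -= setup_size`, i.e. a setup area with no kernel body behind it; if such an image is not valid for `load_linux`, `>=` is the tighter condition. Consider also reporting the two values in the message, since "qemu: invalid kernel header" alone does not tell the user that the setup sector count from the header exceeds the file size.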
--
2.1.4
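As an added illustration of the failure mode the commit message describes (this is not QEMU's code; the function names, the fixed 4096-byte constructed images and the sample setup-sector counts are this example's own assumptions), the block below models the size arithmetic from the hunk in isolation. It reads `setup_sects` from the Linux boot-protocol header byte at offset 0x1f1, applies the same "0 means 4" default and `(setup_size+1)*512` scaling, and shows the unchecked subtraction wrapping to a huge `size_t` next to a checked version that rejects the header instead.

```c
/* Added example modelled on the load_linux size check in hw/i386/pc.c.
 * Not QEMU code: function names and sample images are constructed here. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECTOR_SIZE 512
/* Offset of the setup_sects byte in the Linux x86 boot protocol header. */
#define SETUP_SECTS_OFF 0x1f1

/* Shared header decoding: raw setup_sects, with the boot-protocol default
 * of 4 when the field is 0, scaled to bytes including the boot sector. */
static size_t setup_bytes_from_header(const uint8_t *image)
{
    size_t setup_size = image[SETUP_SECTS_OFF];
    if (setup_size == 0) {
        setup_size = 4;
    }
    return (setup_size + 1) * SECTOR_SIZE;
}

/* Pre-patch arithmetic: unsigned subtraction with no range check. When the
 * header claims more setup bytes than the image holds, the result wraps to
 * a value close to SIZE_MAX, which a subsequent allocation would honour. */
size_t body_size_unchecked(const uint8_t *image, size_t kernel_size)
{
    size_t setup_size = setup_bytes_from_header(image);
    return kernel_size - setup_size;   /* may underflow */
}

/* Patched arithmetic: refuse the header if the setup area cannot fit.
 * Returns 0 on success and fills setup_out/body_out; -1 on a bad header. */
int body_size_checked(const uint8_t *image, size_t kernel_size,
                      size_t *setup_out, size_t *body_out)
{
    size_t setup_size;

    if (kernel_size <= SETUP_SECTS_OFF) {
        return -1;                     /* header byte lies outside the image */
    }
    setup_size = setup_bytes_from_header(image);
    if (setup_size > kernel_size) {
        return -1;                     /* the check added by the patch */
    }
    *setup_out = setup_size;
    *body_out = kernel_size - setup_size;
    return 0;
}

/* Constructed image: zero-filled, only setup_sects is meaningful. */
static void make_image(uint8_t *buf, size_t len, uint8_t setup_sects)
{
    memset(buf, 0, len);
    buf[SETUP_SECTS_OFF] = setup_sects;
}

/* 4096-byte image claiming 15 setup sectors: (15+1)*512 = 8192 > 4096.
 * Returns 1 when the unchecked result is larger than the whole image. */
int unchecked_wraps(void)
{
    uint8_t img[4096];
    make_image(img, sizeof img, 15);
    return body_size_unchecked(img, sizeof img) > sizeof img;
}

/* Same oversized header: the checked version must reject it. */
int checked_rejects(void)
{
    uint8_t img[4096];
    size_t setup, body;
    make_image(img, sizeof img, 15);
    return body_size_checked(img, sizeof img, &setup, &body) == -1;
}

/* 4096-byte image with 1 setup sector: (1+1)*512 = 1024 setup, 3072 body. */
int checked_accepts_valid(void)
{
    uint8_t img[4096];
    size_t setup, body;
    make_image(img, sizeof img, 1);
    if (body_size_checked(img, sizeof img, &setup, &body) != 0) {
        return 0;
    }
    return setup == 1024 && body == 3072;
}

int main(void)
{
    printf("unchecked wraps: %d\n", unchecked_wraps());
    printf("checked rejects oversized header: %d\n", checked_rejects());
    printf("checked accepts valid header: %d\n", checked_accepts_valid());
    return 0;
}
```

The header decoding is shared between both paths so the only difference between them is the range check itself, which is the point of the patch: the subtraction is safe exactly when the header-derived setup size has already been bounded by the file size.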