[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 09/12] aspeed: check for negative values returned by
From: |
Peter Maydell |
Subject: |
[Qemu-devel] [PULL 09/12] aspeed: check for negative values returned by blk_getlength() |
Date: |
Fri, 10 Feb 2017 18:07:59 +0000 |
From: Cédric Le Goater <address@hidden>
write_boot_rom() does not check for negative values. This is more a
problem for coverity than the actual code as the size of the flash
device is checked when the m25p80 object is created. If there is
anything wrong with the backing file, we should not even reach that
path.
Signed-off-by: Cédric Le Goater <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
---
hw/arm/aspeed.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index a92c2f1..ac9cbd6 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -113,9 +113,19 @@ static void write_boot_rom(DriveInfo *dinfo, hwaddr addr,
size_t rom_size,
{
BlockBackend *blk = blk_by_legacy_dinfo(dinfo);
uint8_t *storage;
+ int64_t size;
- if (rom_size > blk_getlength(blk)) {
- rom_size = blk_getlength(blk);
+ /* The block backend size should have already been 'validated' by
+ * the creation of the m25p80 object.
+ */
+ size = blk_getlength(blk);
+ if (size <= 0) {
+ error_setg(errp, "failed to get flash size");
+ return;
+ }
+
+ if (rom_size > size) {
+ rom_size = size;
}
storage = g_new0(uint8_t, rom_size);
--
2.7.4
- [Qemu-devel] [PULL 00/12] target-arm queue, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 03/12] target-arm: Add support for PMU register PMINTENSET_EL1, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 05/12] target-arm: Declare virtio-mmio as dma-coherent in dt, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 04/12] target-arm: Enable vPMU support under TCG mode, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 06/12] hw/arm/virt: Declare virtio-mmio as dma cache coherent in ACPI, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 07/12] hw/arm/virt: Declare fwcfg as dma cache coherent in ACPI, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 09/12] aspeed: check for negative values returned by blk_getlength(),
Peter Maydell <=
- [Qemu-devel] [PULL 02/12] target-arm: Add support for AArch64 PMU register PMXEVTYPER_EL0, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 12/12] aspeed/smc: use a modulo to check segment limits, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 11/12] aspeed/smc: handle dummies only in fast read mode, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 10/12] aspeed: remove useless comment on controller segment size, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 08/12] hw/arm/virt: Declare fwcfg as dma cache coherent in dt, Peter Maydell, 2017/02/10
- [Qemu-devel] [PULL 01/12] target-arm: Add support for PMU register PMSELR_EL0, Peter Maydell, 2017/02/10
- Re: [Qemu-devel] [PULL 00/12] target-arm queue, Peter Maydell, 2017/02/13