From: Paolo Bonzini
Subject: [Qemu-devel] [PULL 02/21] roms: assert if max rom size is less than the used size
Date: Wed, 15 May 2019 22:50:14 +0200
From: Igor Mammedov <address@hidden>
It would ensure that we would notice an attempt to write beyond
the allocated buffer. In case of MemoryRegion backed ROM it's
the host buffer and the guest RAM otherwise.
The assert can be triggered with:
dd if=/dev/zero of=/tmp/blob bs=63k count=1
qemu-system-x86_64 `for i in {1..33}; do echo -n " -acpitable /tmp/blob"; done`
Fixes: (a1666142db acpi-build: make ROMs RAM blocks resizeable)
Reported-by: Wei Yang <address@hidden>
Signed-off-by: Igor Mammedov <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
hw/core/loader.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index fe5cb24..a097bbe 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1025,6 +1025,7 @@ MemoryRegion *rom_add_blob(const char *name, const void
*blob, size_t len,
rom->addr = addr;
rom->romsize = max_len ? max_len : len;
rom->datasize = len;
+ g_assert(rom->romsize >= rom->datasize);
rom->data = g_malloc0(rom->datasize);
memcpy(rom->data, blob, len);
rom_insert(rom);
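Review bot: the new `g_assert(rom->romsize >= rom->datasize);` turns a caller-supplied max_len that is smaller than len into an abort of the whole QEMU process rather than a reportable error, and the commit message shows the condition is reachable from the command line via -acpitable; if an abort is the intended contract (a too-small max_len being a bug in the calling device model, not user error), it would help to say so in the function's comment so callers know they must size max_len to cover len. Note also that the check is a no-op whenever max_len is 0, since `rom->romsize = max_len ? max_len : len;` then makes romsize equal to datasize; only the explicit max_len path is guarded.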
--
1.8.3.1