qemu-ppc

Re: [PATCH 2/5] hw/core/loader: Prohibit loading ROMs bigger than memory


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH 2/5] hw/core/loader: Prohibit loading ROMs bigger than memory region
Date: Mon, 9 Mar 2020 16:41:38 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1

On 3/9/20 3:48 PM, Peter Maydell wrote:
On Mon, 9 Mar 2020 at 14:45, Philippe Mathieu-Daudé <address@hidden> wrote:

We must not write more data than the memory region size.

Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
---
  hw/core/loader.c | 5 ++++-
  1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index d1b78f60cd..c67c483936 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1136,7 +1136,10 @@ static void rom_reset(void *unused)
              continue;
          }
          if (rom->mr) {
-            void *host = memory_region_get_ram_ptr(rom->mr);
+            void *host;
+
+            assert(memory_region_size(rom->mr) >= rom->datasize);
+            host = memory_region_get_ram_ptr(rom->mr);
              memcpy(host, rom->data, rom->datasize);
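Review bot: the new assert() aborts the whole emulator when rom->datasize exceeds the region, so if rom->datasize comes from a user-supplied image file, an oversized file on the command line turns into a crash rather than an error. The size-versus-region comparison belongs where the ROM is registered against rom->mr, where it can fail with a reported error before reset ever runs; once that path guarantees the invariant, the assert here is fine as an internal check. The commit message should also state whether the condition is reachable from user input, since that is what decides between assert and error handling.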

Does this really only happen if there's a QEMU bug,
or could a user trigger this assert by accidentally
passing an oversize file on the command line?

This is definitely command-line triggered, but it occurred when I was trying the RX port (not yet merged), so the bug might be an incorrect API use there. I'll check tonight. Meanwhile I went on consolidating the rest of the code to feel safer.


thanks
-- PMM
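The distinction the thread turns on, written out as an added example that is not taken from the patch or from QEMU: a toy ROM and memory-region model (constructed stand-ins named toy_*, ToyRom and ToyMemoryRegion, not QEMU's MemoryRegion API) in which the size comparison is an error path rather than an assert(), so an image that does not fit is refused with a diagnostic and the copy can never run past the region. The canary bytes after the region make any overrun visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for QEMU's MemoryRegion and Rom structures
 * (hypothetical, not QEMU's real API). */
typedef struct {
    uint8_t *ram;   /* host backing memory of the region */
    size_t size;    /* region size in bytes */
} ToyMemoryRegion;

typedef struct {
    const uint8_t *data;
    size_t datasize; /* image length, which can come from a user-supplied file */
} ToyRom;

/* Size check done as an error path rather than an assert(): returns 0 when
 * the image fits, -1 (with a diagnostic) when it would overrun the region. */
int toy_rom_check_fits(const ToyRom *rom, const ToyMemoryRegion *mr)
{
    if (rom->datasize > mr->size) {
        fprintf(stderr, "ROM image of %zu bytes does not fit region of %zu bytes\n",
                rom->datasize, mr->size);
        return -1;
    }
    return 0;
}

/* Reset-time copy guarded by the check above. Returns the number of bytes
 * written: rom->datasize on success, 0 when the image was rejected, so the
 * memcpy can never write past the end of the region. */
size_t toy_rom_reset_copy(const ToyRom *rom, ToyMemoryRegion *mr)
{
    if (toy_rom_check_fits(rom, mr) != 0) {
        return 0;
    }
    memcpy(mr->ram, rom->data, rom->datasize);
    return rom->datasize;
}

/* Harness: a 16-byte region at the start of a 32-byte buffer whose tail is
 * filled with a canary, so an overrun would be visible. Returns 1 when the
 * oversized image is refused and every canary byte is untouched. */
int toy_demo_oversize_rejected(void)
{
    uint8_t backing[32];
    static const uint8_t image[24] = {0};   /* constructed 24-byte image */
    ToyMemoryRegion mr = { backing, 16 };
    ToyRom rom = { image, sizeof image };
    size_t i;

    memset(backing, 0xAA, sizeof backing);
    if (toy_rom_reset_copy(&rom, &mr) != 0) {
        return 0;   /* rejected image must copy nothing */
    }
    for (i = mr.size; i < sizeof backing; i++) {
        if (backing[i] != 0xAA) {
            return 0;   /* region overrun: canary clobbered */
        }
    }
    return 1;
}

/* Same harness for an image that fits: returns the byte count copied. */
size_t toy_demo_fits(void)
{
    uint8_t backing[32];
    static const uint8_t image[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed */
    ToyMemoryRegion mr = { backing, 16 };
    ToyRom rom = { image, sizeof image };

    memset(backing, 0xAA, sizeof backing);
    return toy_rom_reset_copy(&rom, &mr);
}

int main(void)
{
    printf("oversize image rejected, region intact: %s\n",
           toy_demo_oversize_rejected() ? "yes" : "no");
    printf("fitting image: %zu bytes copied\n", toy_demo_fits());
    return 0;
}
```

The check runs before the copy and returns an error code the caller can report, which is the shape a registration-time check takes; an assert() in the copy path then only guards an invariant that the registration path has already established.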
