[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH for-4.1] roms: assert if max rom size is less than t
|
From: |
Igor Mammedov |
|
Subject: |
[Qemu-devel] [PATCH for-4.1] roms: assert if max rom size is less than the used size |
|
Date: |
Thu, 11 Apr 2019 13:28:18 +0200 |
It would ensure that we would notice attempt to write beyond
the allocated buffer. In case of MemoryRegion backed ROM it's
the host buffer and the guest RAM otherwise.
assert can be triggered with:
dd if=/dev/zero of=/tmp/blob bs=63k count=1
qemu-system-x86_64 `for i in {1..33}; do echo -n " -acpitable /tmp/blob";
done`
Fixes: (a1666142db acpi-build: make ROMs RAM blocks resizeable)
Reported-by: Wei Yang <address@hidden>
Signed-off-by: Igor Mammedov <address@hidden>
---
hw/core/loader.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index fe5cb24..a097bbe 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1025,6 +1025,7 @@ MemoryRegion *rom_add_blob(const char *name, const void
*blob, size_t len,
rom->addr = addr;
rom->romsize = max_len ? max_len : len;
rom->datasize = len;
+ g_assert(rom->romsize >= rom->datasize);
rom->data = g_malloc0(rom->datasize);
memcpy(rom->data, blob, len);
rom_insert(rom);
--
2.7.4
- [Qemu-devel] [PATCH for-4.1] roms: assert if max rom size is less than the used size,
Igor Mammedov <=