On Mon, 9 Mar 2020 at 14:45, Philippe Mathieu-Daudé <address@hidden> wrote:
We must not write more data than the memory region size.
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
---
hw/core/loader.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index d1b78f60cd..c67c483936 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1136,7 +1136,10 @@ static void rom_reset(void *unused)
continue;
}
if (rom->mr) {
- void *host = memory_region_get_ram_ptr(rom->mr);
+ void *host;
+
+ assert(memory_region_size(rom->mr) >= rom->datasize);
+ host = memory_region_get_ram_ptr(rom->mr);
memcpy(host, rom->data, rom->datasize);
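Review bot: the assert in this hunk aborts QEMU at reset time, which is only appropriate if rom->datasize exceeding the region size can never be reached from user input; if datasize is ultimately derived from the size of a file or blob supplied on the command line, the bound should be checked where the ROM is registered (where rom->data and rom->datasize are filled in) and reported as a recoverable error, leaving the assert here as a last-resort invariant check rather than the only guard. It would also help to state in the commit message where the size is already validated, so reviewers can confirm that `assert(memory_region_size(rom->mr) >= rom->datasize);` can only fire on an internal bug and not on an oversized image.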
Does this really only happen if there's a QEMU bug,
or could a user trigger this assert by accidentally
passing an oversize file on the command line?