[Qemu-trivial] [PULL 07/19] pc: check for underflow in load

qemu-trivial

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-trivial] [PULL 07/19] pc: check for underflow in load_linux

From:	Michael Tokarev
Subject:	[Qemu-trivial] [PULL 07/19] pc: check for underflow in load_linux
Date:	Thu, 8 Oct 2015 19:52:16 +0300

From: Paolo Bonzini <address@hidden>

If (setup_size+1)*512 is small enough, kernel_size -= setup_size can allocate
a huge amount of memory.  Avoid that.

Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
---
 hw/i386/pc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 9275297..682867a 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -985,6 +985,10 @@ static void load_linux(PCMachineState *pcms,
         setup_size = 4;
     }
     setup_size = (setup_size+1)*512;
+    if (setup_size > kernel_size) {
+        fprintf(stderr, "qemu: invalid kernel header\n");
+        exit(1);
+    }
     kernel_size -= setup_size;
 
     setup  = g_malloc(setup_size);
-- 
2.1.4

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-trivial] [PULL 00/19] Trivial patches for 2015-10-08, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 10/19] target-ppc: Remove unnecessary variable, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 03/19] sdhci: Change debug prints to compile unconditionally, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 12/19] qapi: add missing @, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 09/19] target-microblaze: Remove unnecessary variable, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 14/19] hw: char: Remove unnecessary variable, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 13/19] hw: timer: Remove unnecessary variable, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 05/19] block/ssh: remove dead code, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 07/19] pc: check for underflow in load_linux, Michael Tokarev <=
- [Qemu-trivial] [PULL 17/19] linux-user: Use g_new() & friends where that makes obvious sense, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 02/19] sdhci: use PRIx64 for uint64_t type, Michael Tokarev, 2015/10/08
- [Qemu-trivial] [PULL 11/19] MAINTAINERS: Add NSIS file for W32, W64 hosts, Michael Tokarev, 2015/10/08
- Re: [Qemu-trivial] [Qemu-devel] [PULL 00/19] Trivial patches for 2015-10-08, Peter Maydell, 2015/10/09
- [Qemu-trivial] [PULL 01/19] Add .dir-locals.el file to configure emacs coding style, Michael Tokarev, 2015/10/09
  - Re: [Qemu-trivial] [Qemu-devel] [PULL 01/19] Add .dir-locals.el file to configure emacs coding style, Marc-André Lureau, 2015/10/09
- [Qemu-trivial] [PULL 16/19] rocker: Use g_new() & friends where that makes obvious sense, Michael Tokarev, 2015/10/09
- [Qemu-trivial] [PULL 04/19] imx_serial: Generate interrupt on tx empty if enabled, Michael Tokarev, 2015/10/09
- [Qemu-trivial] [PULL 08/19] s/cpu_get_real_ticks/cpu_get_host_ticks/, Michael Tokarev, 2015/10/09
- [Qemu-trivial] [PULL 06/19] pci-assign: do not include sys/io.h, Michael Tokarev, 2015/10/09

Prev by Date: [Qemu-trivial] [PULL 05/19] block/ssh: remove dead code
Next by Date: [Qemu-trivial] [PULL 00/19] Trivial patches for 2015-10-08
Previous by thread: [Qemu-trivial] [PULL 05/19] block/ssh: remove dead code
Next by thread: [Qemu-trivial] [PULL 17/19] linux-user: Use g_new() & friends where that makes obvious sense
Index(es):
- Date
- Thread