Re: [PATCH 2/5] hw/core/loader: Prohibit loading ROMs bigger than memory


From: Peter Maydell
Subject: Re: [PATCH 2/5] hw/core/loader: Prohibit loading ROMs bigger than memory region
Date: Mon, 9 Mar 2020 14:48:14 +0000

On Mon, 9 Mar 2020 at 14:45, Philippe Mathieu-Daudé <address@hidden> wrote:
>
> We must not write more data than the memory region size.
>
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
>  hw/core/loader.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/hw/core/loader.c b/hw/core/loader.c
> index d1b78f60cd..c67c483936 100644
> --- a/hw/core/loader.c
> +++ b/hw/core/loader.c
> @@ -1136,7 +1136,10 @@ static void rom_reset(void *unused)
>              continue;
>          }
>          if (rom->mr) {
> -            void *host = memory_region_get_ram_ptr(rom->mr);
> +            void *host;
> +
> +            assert(memory_region_size(rom->mr) >= rom->datasize);
> +            host = memory_region_get_ram_ptr(rom->mr);
>              memcpy(host, rom->data, rom->datasize);
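Review bot: the new `assert(memory_region_size(rom->mr) >= rom->datasize)` in `rom_reset()` fires at reset time, after the ROM has already been registered, so if `rom->datasize` can come from an oversized file supplied on the command line this turns a user mistake into a `SIGABRT` of the whole guest rather than a reportable load error. If that case is reachable, the size check belongs at registration time (where the file size is first known and an error can be returned to the caller), with the `assert()` here kept only as a guard for a genuine internal invariant. Either way, a one-line comment stating which of the two the check is intended to be would help the next reader.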

Does this really only happen if there's a QEMU bug,
or could a user trigger this assert by accidentally
passing an oversize file on the command line?

thanks
-- PMM
