Patchwork [15/26] load_image_targphys() should enforce the max size

login
register
mail settings
Submitter Alexander Graf
Date Jan. 21, 2012, 4:19 a.m.
Message ID <1327119551-29674-16-git-send-email-agraf@suse.de>
Download mbox | patch
Permalink /patch/137165/
State New
Headers show

Comments

Alexander Graf - Jan. 21, 2012, 4:19 a.m.
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>

load_image_targphys() gets passed a max size for the file, but doesn't
enforce it at all. Add a check and return -1 (error) if the file is
too big, without loading it.  Fix the bracing style in the function
while we're at it.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/loader.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

Patch

diff --git a/hw/loader.c b/hw/loader.c
index 446b628..415cdce 100644
--- a/hw/loader.c
+++ b/hw/loader.c
@@ -108,8 +108,12 @@  int load_image_targphys(const char *filename,
     int size;
 
     size = get_image_size(filename);
-    if (size > 0)
+    if (size > max_sz) {
+        return -1;
+    }
+    if (size > 0) {
         rom_add_file_fixed(filename, addr, -1);
+    }
     return size;
 }