
[PULL,02/21] roms: assert if max rom size is less than the used size

Message ID 1557953433-19663-3-git-send-email-pbonzini@redhat.com
Series [PULL,01/21] hw/input: Add a CONFIG_PS2 switch for the ps2.c file

Commit Message

Paolo Bonzini May 15, 2019, 8:50 p.m. UTC
From: Igor Mammedov <imammedo@redhat.com>

It would ensure that we would notice an attempt to write beyond
the allocated buffer. In the case of a MemoryRegion-backed ROM it's
the host buffer, and the guest RAM otherwise.

The assert can be triggered with:
  dd if=/dev/zero of=/tmp/blob bs=63k count=1
  qemu-system-x86_64 `for  i in {1..33}; do echo -n " -acpitable /tmp/blob"; done`

Fixes: (a1666142db acpi-build: make ROMs RAM blocks resizeable)

Reported-by: Wei Yang <richardw.yang@linux.intel.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1554982098-336210-1-git-send-email-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/core/loader.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Thomas Huth May 16, 2019, 12:40 p.m. UTC | #1
On 15/05/2019 22.50, Paolo Bonzini wrote:
> From: Igor Mammedov <imammedo@redhat.com>
> 
> It would ensure that we would notice an attempt to write beyond
> the allocated buffer. In the case of a MemoryRegion-backed ROM it's
> the host buffer, and the guest RAM otherwise.
> 
> The assert can be triggered with:
>   dd if=/dev/zero of=/tmp/blob bs=63k count=1
>   qemu-system-x86_64 `for  i in {1..33}; do echo -n " -acpitable /tmp/blob"; done`

Sorry, but a user should normally never be able to trigger an assert,
even if passing lots of garbage to qemu via the command line. asserts
are for guarding against programming errors.

Could you please change this into a proper error message instead?

 Thanks,
  Thomas
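To illustrate the point of the review above, here is an added stand-alone model of the size rule from the patch (romsize = max_len ? max_len : len) that reports an oversized blob to the caller instead of aborting. It is example code, not QEMU's rom_add_blob(); the names Rom, rom_add_blob_checked and rom_free are hypothetical and the glib allocator is replaced by plain calloc().

```c
/* Added example (not QEMU code): same size rule as the patch, but a
 * blob that does not fit the requested max_len is an error, not an assert. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct Rom {
    size_t romsize;        /* size of the backing buffer: max_len, or len if 0 */
    size_t datasize;       /* bytes actually copied from the blob */
    unsigned char *data;
} Rom;

/* Returns 0 and stores a new Rom in *rom_out on success.
 * Returns -1 and leaves *rom_out untouched if the blob is larger than the
 * caller-supplied max_len; this is the case the patch turned into g_assert(). */
int rom_add_blob_checked(const void *blob, size_t len, size_t max_len,
                         Rom **rom_out)
{
    size_t romsize = max_len ? max_len : len;   /* rule from the patch */

    if (romsize < len) {
        /* Reachable from user-supplied input, so report instead of abort. */
        fprintf(stderr, "blob of %zu bytes exceeds maximum ROM size %zu\n",
                len, romsize);
        return -1;
    }

    Rom *rom = calloc(1, sizeof(*rom));
    if (!rom) {
        return -1;
    }
    rom->romsize  = romsize;
    rom->datasize = len;
    rom->data     = calloc(1, rom->datasize);
    if (!rom->data) {
        free(rom);
        return -1;
    }
    memcpy(rom->data, blob, len);  /* len <= romsize is now guaranteed */
    *rom_out = rom;
    return 0;
}

void rom_free(Rom *rom)
{
    if (rom) {
        free(rom->data);
        free(rom);
    }
}
```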

Patch

diff --git a/hw/core/loader.c b/hw/core/loader.c
index fe5cb24..a097bbe 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1025,6 +1025,7 @@  MemoryRegion *rom_add_blob(const char *name, const void *blob, size_t len,
     rom->addr     = addr;
     rom->romsize  = max_len ? max_len : len;
     rom->datasize = len;
+    g_assert(rom->romsize >= rom->datasize);
     rom->data     = g_malloc0(rom->datasize);
     memcpy(rom->data, blob, len);
     rom_insert(rom);
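Review bot: the new `g_assert(rom->romsize >= rom->datasize)` only fails when a non-zero max_len is smaller than len, and the commit message itself shows that condition is reachable from the command line (33 oversized -acpitable blobs), so this aborts QEMU on user input rather than catching a programming error. Suggest checking the sizes before the allocation and failing the call with a reported error instead, along the lines of `if (max_len && len > max_len) { error_report("ROM %s: blob of %zu bytes exceeds max size %zu", name, len, max_len); return NULL; }`, adjusted to whatever failure convention rom_add_blob's callers already handle, and keeping assertions for invariants that no input can violate.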