OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

loader: Fix read_targphys() to behave when read() fails

Browse Source 
Happily passes (size_t)-1 to rom_add_blob_fixed(), which promptly dies
attempting to malloc that much.  Spotted by Coverity.

Bonus fix for ROMs larger than INT_MAX bytes: return ssize_t instead
of int.  Bug can't bite, because the only user load_aout() limits ROM
size to an int value.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This commit is contained in:
Markus Armbruster 2011-11-16 19:41:56 +01:00 committed by Blue Swirl
parent 96d922a654
commit 725e14e91f
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hw/loader.c
View File

@ -85,11 +85,11 @@ int load_image(const char *filename, uint8_t *addr)
}
/* read()-like version */
int read_targphys(const char *name,
ssize_t read_targphys(const char *name,
int fd, target_phys_addr_t dst_addr, size_t nbytes)
{
uint8_t *buf;
size_t did;
ssize_t did;
buf = g_malloc(nbytes);
did = read(fd, buf, nbytes);
@ -176,7 +176,8 @@ static void bswap_ahdr(struct exec *e)
int load_aout(const char *filename, target_phys_addr_t addr, int max_sz,
int bswap_needed, target_phys_addr_t target_page_size)
{
int fd, size, ret;
int fd;
ssize_t size, ret;
struct exec e;
uint32_t magic;

2
hw/loader.h
View File

@ -14,7 +14,7 @@ int load_aout(const char *filename, target_phys_addr_t addr, int max_sz,
int load_uimage(const char *filename, target_phys_addr_t *ep,
target_phys_addr_t *loadaddr, int *is_linux);
int read_targphys(const char *name,
ssize_t read_targphys(const char *name,
int fd, target_phys_addr_t dst_addr, size_t nbytes);
void pstrcpy_targphys(const char *name,
target_phys_addr_t dest, int buf_size,