pc: check for underflow in load_linux
If (setup_size+1)*512 is small enough, kernel_size -= setup_size can allocate a huge amount of memory. Avoid that. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
parent
16033ba577
commit
ec5fd40264
|
@ -985,6 +985,10 @@ static void load_linux(PCMachineState *pcms,
|
||||||
setup_size = 4;
|
setup_size = 4;
|
||||||
}
|
}
|
||||||
setup_size = (setup_size+1)*512;
|
setup_size = (setup_size+1)*512;
|
||||||
|
if (setup_size > kernel_size) {
|
||||||
|
fprintf(stderr, "qemu: invalid kernel header\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
kernel_size -= setup_size;
|
kernel_size -= setup_size;
|
||||||
|
|
||||||
setup = g_malloc(setup_size);
|
setup = g_malloc(setup_size);
|
||||||
|
|
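Review bot: The added guard `if (setup_size > kernel_size)` still accepts the boundary case setup_size == kernel_size, which leaves kernel_size at 0 after `kernel_size -= setup_size`. Whether the code after the hunk handles a zero-length payload is not visible here. If an image with nothing after the setup sectors is never valid, `if (setup_size >= kernel_size) {` would reject it at the same place. A short comment above the check, for example `/* setup_size presumably comes from the image header; reject it before the subtraction can underflow */`, would record why it has to sit before the subtraction and the `g_malloc` call. load_linux starts and ends outside the hunk, so the types of both variables and the later use of kernel_size should be confirmed against the full function.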