On 24 May 2017 at 10:13, Andrew Jones <drjones@redhat.com> wrote:
> Don't allow load_uboot_image() to proceed when less bytes than
> header-size was read.
>
> Signed-off-by: Andrew Jones <drjones@redhat.com>
> ---
> hw/core/loader.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/core/loader.c b/hw/core/loader.c
> index bf17b42cbec2..f72930ca4a41 100644
> --- a/hw/core/loader.c
> +++ b/hw/core/loader.c
> @@ -611,8 +611,9 @@ static int load_uboot_image(const char *filename, hwaddr *ep, hwaddr *loadaddr,
> return -1;
>
> size = read(fd, hdr, sizeof(uboot_image_header_t));
> - if (size < 0)
> + if (size < sizeof(uboot_image_header_t)) {
> goto out;
> + }
>
> bswap_uboot_header(hdr);
>
Applied to target-arm.next, thanks.
-- PMM