Don't allow load_uboot_image() to proceed when less bytes than
header-size was read.

Signed-off-by: Andrew Jones <drjones@redhat.com>
---
 hw/core/loader.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index bf17b42cbec2..f72930ca4a41 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -611,8 +611,9 @@ static int load_uboot_image(const char *filename, hwaddr *ep, hwaddr *loadaddr,
         return -1;
 
     size = read(fd, hdr, sizeof(uboot_image_header_t));
-    if (size < 0)
+    if (size < sizeof(uboot_image_header_t)) {
         goto out;
+    }
 
     bswap_uboot_header(hdr);
 
-- 
2.9.4

On 24 May 2017 at 10:13, Andrew Jones <drjones@redhat.com> wrote:
> Don't allow load_uboot_image() to proceed when less bytes than
> header-size was read.
>
> Signed-off-by: Andrew Jones <drjones@redhat.com>
> ---
>  hw/core/loader.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/core/loader.c b/hw/core/loader.c
> index bf17b42cbec2..f72930ca4a41 100644
> --- a/hw/core/loader.c
> +++ b/hw/core/loader.c
> @@ -611,8 +611,9 @@ static int load_uboot_image(const char *filename, hwaddr *ep, hwaddr *loadaddr,
>          return -1;
>
>      size = read(fd, hdr, sizeof(uboot_image_header_t));
> -    if (size < 0)
> +    if (size < sizeof(uboot_image_header_t)) {
>          goto out;
> +    }
>
>      bswap_uboot_header(hdr);
>



Applied to target-arm.next, thanks.

-- PMM