From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 10 Feb 2017 18:07:59 +0000
Message-Id: <1486750082-12324-10-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 09/12] aspeed: check for negative values returned by blk_getlength()

From: Cédric Le Goater

write_boot_rom() does not check for negative values. This is more a problem for coverity than the actual code as the size of the flash device is checked when the m25p80 object is created. If there is anything wrong with the backing file, we should not even reach that path.

Signed-off-by: Cédric Le Goater
Message-id: 1486648058-520-2-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
--- hw/arm/aspeed.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c index a92c2f1..ac9cbd6 100644 --- a/hw/arm/aspeed.c +++ b/hw/arm/aspeed.c
@@ -113,9 +113,19 @@ static void write_boot_rom(DriveInfo *dinfo, hwaddr ad= dr, size_t rom_size, { BlockBackend *blk =3D blk_by_legacy_dinfo(dinfo); uint8_t *storage; + int64_t size; =20 - if (rom_size > blk_getlength(blk)) { - rom_size =3D blk_getlength(blk); + /* The block backend size should have already been 'validated' by + * the creation of the m25p80 object. + */ + size =3D blk_getlength(blk); + if (size <=3D 0) { + error_setg(errp, "failed to get flash size"); + return; + } + + if (rom_size > size) { + rom_size =3D size; } =20 storage =3D g_new0(uint8_t, rom_size); --=20 2.7.4
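Review bot: The `if (size <= 0)` branch reports "failed to get flash size" for two different conditions and discards the cause. A negative return from blk_getlength() is an error value, so passing it on with error_setg_errno(errp, -size, "failed to get flash size") would keep the reason visible to the user, while size == 0 means the length query succeeded on an empty backend and deserves its own message. The following `if (rom_size > size)` compares a size_t against an int64_t and only clamps correctly because size is known to be positive at that point; with a negative length rom_size would not be clamped to a sane value before the g_new0() call, so a short comment stating that dependency would help keep a later refactor from separating the two checks. The quotes around 'validated' in the new comment read as doubt about the m25p80 check; either drop them or state what that check does not cover.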