diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2021-04-01 17:08:48 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2021-04-01 17:08:48 +0100 |
| commit | 415fa2fe91e2a49fe8d56d6aacc8f8db82c74775 (patch) | |
| tree | 69112f0167a7926dc7d735b9c2dbd879f6720fc2 /backends/dbus-vmstate.c | |
| parent | 00084bab87c43be20638de7f191d1a1faed134cc (diff) | |
| parent | d3a0bb7706520928f8493fabaee76532b5b1adb4 (diff) | |
| download | focaccia-qemu-415fa2fe91e2a49fe8d56d6aacc8f8db82c74775.tar.gz focaccia-qemu-415fa2fe91e2a49fe8d56d6aacc8f8db82c74775.zip | |
Merge remote-tracking branch 'remotes/marcandre/tags/for-6.0-pull-request' into staging
For 6.0 misc patches under my radar. V2: - "tests: Add tests for yank with the chardev-change case" updated - drop the readthedoc theme patch # gpg: Signature made Thu 01 Apr 2021 12:54:52 BST # gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5 # gpg: issuer "marcandre.lureau@redhat.com" # gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full] # gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full] # Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5 * remotes/marcandre/tags/for-6.0-pull-request: tests: Add tests for yank with the chardev-change case chardev: Fix yank with the chardev-change case chardev/char.c: Always pass id to chardev_new chardev/char.c: Move object_property_try_add_child out of chardev_new yank: Always link full yank code yank: Remove dependency on qiochannel docs: simplify each section title dbus-vmstate: Increase the size of input stream buffer used during load util: fix use-after-free in module_load_one Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'backends/dbus-vmstate.c')
| -rw-r--r-- | backends/dbus-vmstate.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/backends/dbus-vmstate.c b/backends/dbus-vmstate.c index 2a0d2e4a31..9cfd758c42 100644 --- a/backends/dbus-vmstate.c +++ b/backends/dbus-vmstate.c @@ -204,6 +204,8 @@ static int dbus_vmstate_post_load(void *opaque, int version_id) m = g_memory_input_stream_new_from_data(self->data, self->data_size, NULL); s = g_data_input_stream_new(m); g_data_input_stream_set_byte_order(s, G_DATA_STREAM_BYTE_ORDER_BIG_ENDIAN); + g_buffered_input_stream_set_buffer_size(G_BUFFERED_INPUT_STREAM(s), + DBUS_VMSTATE_SIZE_LIMIT); nelem = g_data_input_stream_read_uint32(s, NULL, &err); if (err) { @@ -244,11 +246,23 @@ static int dbus_vmstate_post_load(void *opaque, int version_id) } len = g_data_input_stream_read_uint32(s, NULL, &err); + if (len > DBUS_VMSTATE_SIZE_LIMIT) { + error_report("%s: Invalid vmstate size: %u", __func__, len); + return -1; + } + + g_buffered_input_stream_fill(G_BUFFERED_INPUT_STREAM(s), len, NULL, + &err); + if (err) { + goto error; + } + avail = g_buffered_input_stream_get_available( G_BUFFERED_INPUT_STREAM(s)); - - if (len > DBUS_VMSTATE_SIZE_LIMIT || len > avail) { - error_report("%s: Invalid vmstate size: %u", __func__, len); + if (len > avail) { + error_report("%s: Not enough data available to load for Id: '%s'. " + "Available data size: %zu, Actual vmstate size: %u", + __func__, id, avail, len); return -1; } |