summary refs log tree commit diff stats
path: root/hw/core
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2017-07-31 11:27:43 +0100
committerPeter Maydell <peter.maydell@linaro.org>2017-07-31 11:27:43 +0100
commit25dd0e77898c3e10796d4cbeb35e8af5ba6ce975 (patch)
treec92fef1efcce9d5b05927b6df09e28ac45d5ae2f /hw/core
parent0c26c080ee592ea47597d3ab8fd712d7d2c4ba0f (diff)
parent25e11d8774630600ef4c5e9906419a77163a28a1 (diff)
downloadfocaccia-qemu-25dd0e77898c3e10796d4cbeb35e8af5ba6ce975.tar.gz
focaccia-qemu-25dd0e77898c3e10796d4cbeb35e8af5ba6ce975.zip
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging
trivial patches for 2017-07-31

# gpg: Signature made Mon 31 Jul 2017 11:18:57 BST
# gpg:                using RSA key 0x701B4F6B1A693E59
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931  4B22 701B 4F6B 1A69 3E59

* remotes/mjt/tags/trivial-patches-fetch: (25 commits)
  docs: fix broken paths to docs/specs/ivshmem-spec.txt
  docs: fix broken paths to docs/config/ich9-ehci-uhci.cfg
  docs: fix broken paths to docs/devel/tracing.txt
  docs: fix broken paths to docs/devel/atomics.txt
  docs: fix broken paths to docs/devel/qapi-code-gen.txt
  docs: fix broken paths to docs/interop/qcow2.txt
  docs: fix broken paths to docs/interop dir
  thunk: assert nb_fields is valid
  syscall: check inotify() and eventfd() return value
  syscall: fix use of uninitialized values
  syscall: fix dereference of undefined pointer
  linux-user/sh4: fix incorrect memory write
  m68k/translate: fix incorrect copy/paste
  net/eth: fix incorrect check of iov_to_buf() return value
  ui/vnc: fix leak of SocketAddress **
  qcow2: fix null pointer dereference
  ivshmem: fix incorrect error handling in ivshmem_recv_msg()
  loader: check get_image_size() return value
  tests: add missing dependency to build QTEST_QEMU_BINARY
  qemu-system-tricore: segfault when entering "x 0" on the monitor
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/core')
-rw-r--r--hw/core/loader.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/core/loader.c b/hw/core/loader.c
index e5e8cbb638..ebe574c7ea 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -146,7 +146,7 @@ int load_image_targphys_as(const char *filename,
     int size;
 
     size = get_image_size(filename);
-    if (size > max_sz) {
+    if (size < 0 || size > max_sz) {
         return -1;
     }
     if (size > 0) {
@@ -168,7 +168,7 @@ int load_image_mr(const char *filename, MemoryRegion *mr)
 
     size = get_image_size(filename);
 
-    if (size > memory_region_size(mr)) {
+    if (size < 0 || size > memory_region_size(mr)) {
         return -1;
     }
     if (size > 0) {