load_image_targphys() should enforce the max size

load_image_targphys() gets passed a max size for the file, but doesn't enforce it at all. Add a check and return -1 (error) if the file is too big, without loading it. Fix the bracing style in the function while we're at it. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
author: Benjamin Herrenschmidt <benh@kernel.crashing.org> 2012-01-11 19:46:20 +0000
committer: Alexander Graf <agraf@suse.de> 2012-01-21 05:17:01 +0100
commit: 17df768c1e4580f03301d18ea938d3557d441911 (patch)
tree: 550ee7f04ccd65e40adbaad7deef695f8e3059ef /hw/loader.c
parent: 06dbfc6f8833475065c9cf5fdbdb990dbb4b619b (diff)
download: focaccia-qemu-17df768c1e4580f03301d18ea938d3557d441911.tar.gz
focaccia-qemu-17df768c1e4580f03301d18ea938d3557d441911.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/hw/loader.c b/hw/loader.c
index 446b62874e..415cdce534 100644
--- a/hw/loader.c
+++ b/hw/loader.c
@@ -108,8 +108,12 @@ int load_image_targphys(const char *filename,
     int size;
 
     size = get_image_size(filename);
-    if (size > 0)
+    if (size > max_sz) {
+        return -1;
+    }
+    if (size > 0) {
         rom_add_file_fixed(filename, addr, -1);
+    }
     return size;
 }
author	Benjamin Herrenschmidt <benh@kernel.crashing.org>	2012-01-11 19:46:20 +0000
committer	Alexander Graf <agraf@suse.de>	2012-01-21 05:17:01 +0100
commit	17df768c1e4580f03301d18ea938d3557d441911 (patch)
tree	550ee7f04ccd65e40adbaad7deef695f8e3059ef /hw/loader.c
parent	06dbfc6f8833475065c9cf5fdbdb990dbb4b619b (diff)
download	focaccia-qemu-17df768c1e4580f03301d18ea938d3557d441911.tar.gz focaccia-qemu-17df768c1e4580f03301d18ea938d3557d441911.zip