[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 041/113] multiboot: Check validity of mh_header_addr
|
From: |
Michael Roth |
|
Subject: |
[Qemu-devel] [PATCH 041/113] multiboot: Check validity of mh_header_addr |
|
Date: |
Mon, 18 Jun 2018 20:42:07 -0500 |
From: Kevin Wolf <address@hidden>
I couldn't find a case where this prevents something bad from happening
that isn't already caught by other checks, but let's err on the safe
side and check that mh_header_addr is as expected.
Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Jack Schwartz <address@hidden>
(cherry picked from commit dbf2dce7aabb7723542bd182175904846d70b0f9)
Signed-off-by: Michael Roth <address@hidden>
---
hw/i386/multiboot.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
index 775aa5bfd0..36b22832cd 100644
--- a/hw/i386/multiboot.c
+++ b/hw/i386/multiboot.c
@@ -229,6 +229,10 @@ int load_multiboot(FWCfgState *fw_cfg,
error_report("invalid load_addr address");
exit(1);
}
+ if (mh_header_addr - mh_load_addr > i) {
+ error_report("invalid header_addr address");
+ exit(1);
+ }
uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
uint32_t mb_load_size = 0;
--
2.11.0
- [Qemu-devel] [PATCH 032/113] address_space_map: address_space_to_flatview needs RCU lock, (continued)
- [Qemu-devel] [PATCH 032/113] address_space_map: address_space_to_flatview needs RCU lock, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 033/113] address_space_rw: address_space_to_flatview needs RCU lock, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 035/113] migration/block: reset dirty bitmap before read in bulk phase, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 034/113] memory: fix flatview_access_valid RCU read lock/unlock imbalance, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 036/113] multiboot: bss_end_addr can be zero, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 037/113] multiboot: Remove unused variables from multiboot.c, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 038/113] multiboot: Use header names when displaying fields, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 039/113] multiboot: fprintf(stderr...) -> error_report(), Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 003/113] virtio-balloon: unref the memory region before continuing, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 040/113] multiboot: Reject kernels exceeding the address space, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 041/113] multiboot: Check validity of mh_header_addr,
Michael Roth <=
- [Qemu-devel] [PATCH 042/113] tests/multiboot: Test exit code for every qemu run, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 043/113] tests/multiboot: Add tests for the a.out kludge, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 044/113] tests/multiboot: Add .gitignore, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 046/113] virtio_net: flush uncompleted TX on reset, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 045/113] arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 047/113] qemu-pr-helper: Actually allow users to specify pidfile, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 049/113] iotests: Test preallocated truncate of 2G image, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 048/113] block/file-posix: Fix fully preallocated truncate, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 050/113] tcg: Mark muluh_i64 and mulsh_i64 as 64-bit ops, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 004/113] memfd: fix configure test, Michael Roth, 2018/06/18