mirror of
https://github.com/qemu/qemu.git
synced 2025-08-04 00:12:05 +00:00
b17a9054a0
The code path where mh_load_end_addr is non-zero in the Multiboot header checks that mh_load_end_addr >= mh_load_addr and so mb_load_size is checked. However, mb_load_size is not checked when calculated from the file size, when mh_load_end_addr is 0. If the kernel binary size is larger than can fit in the address space after load_addr, we ended up with a kernel_size that is smaller than load_size, which means that we read the file into a too small buffer. Add a check to reject kernel files with such Multiboot headers. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jack Schwartz <jack.schwartz@oracle.com> |
||
|---|---|---|
| .. | ||
| kvm | ||
| xen | ||
| acpi-build.c | ||
| acpi-build.h | ||
| amd_iommu.c | ||
| amd_iommu.h | ||
| intel_iommu_internal.h | ||
| intel_iommu.c | ||
| kvmvapic.c | ||
| Makefile.objs | ||
| multiboot.c | ||
| multiboot.h | ||
| pc_piix.c | ||
| pc_q35.c | ||
| pc_sysfw.c | ||
| pc.c | ||
| trace-events | ||
| vmmouse.c | ||
| vmport.c | ||
| x86-iommu.c | ||