[PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion
From: Vladimir Sementsov-Ogievskiy
Subject: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion
Date: Mon, 25 Sep 2023 22:40:33 +0300
Coverity marks this size, got from the buffer, as an untrusted value; it's
not good to use it as length when writing to file. Make the assertion
more strict to also check upper bound.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
---
softmmu/device_tree.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/softmmu/device_tree.c b/softmmu/device_tree.c
index 30aa3aea9f..adc4236e21 100644
--- a/softmmu/device_tree.c
+++ b/softmmu/device_tree.c
@@ -660,7 +660,7 @@ void qmp_dumpdtb(const char *filename, Error **errp)
size = fdt_totalsize(current_machine->fdt);
- g_assert(size > 0);
+ g_assert(size > 0 && size <= FDT_MAX_SIZE);
if (!g_file_set_contents(filename, current_machine->fdt, size, &err)) {
error_setg(errp, "Error saving FDT to file %s: %s",
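Review bot: The strengthened g_assert() still aborts the whole process when fdt_totalsize() yields an out-of-range value, even though the commit message calls that value untrusted and qmp_dumpdtb() already takes an Error **errp. Consider an explicit range check that calls error_setg(errp, ...) and returns, matching the g_file_set_contents() failure path directly below, so a bad size is reported to the QMP caller instead of terminating the process. If the assertion is kept because the FDT size is treated as an internal invariant, a one-line comment stating why size cannot exceed FDT_MAX_SIZE at this point would make that intent clear.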
--
2.34.1