Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion

From:	Vladimir Sementsov-Ogievskiy
Subject:	Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion
Date:	Tue, 26 Sep 2023 13:08:58 +0300
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0

On 26.09.23 04:26, Alistair Francis wrote:

On Tue, Sep 26, 2023 at 6:42 AM Vladimir Sementsov-Ogievskiy
<vsementsov@yandex-team.ru> wrote:


Coverity mark this size, got from the buffer as untrasted value, it's


s/untrasted/untrusted/g


will fix.

not good to use it as length when writing to file. Make the assertion
more strict to also check upper bound.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>


Reviewed-by: Alistair Francis <alistair.francis@wdc.com>


Thanks!

---
  softmmu/device_tree.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/softmmu/device_tree.c b/softmmu/device_tree.c
index 30aa3aea9f..adc4236e21 100644
--- a/softmmu/device_tree.c
+++ b/softmmu/device_tree.c
@@ -660,7 +660,7 @@ void qmp_dumpdtb(const char *filename, Error **errp)

      size = fdt_totalsize(current_machine->fdt);

-    g_assert(size > 0);
+    g_assert(size > 0 && size <= FDT_MAX_SIZE);

      if (!g_file_set_contents(filename, current_machine->fdt, size, &err)) {
          error_setg(errp, "Error saving FDT to file %s: %s",
--
2.34.1


--
Best regards,
Vladimir

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 02/12] hw/i386/intel_iommu: vtd_slpte_nonzero_rsvd(): reduce magic numbers, (continued)
- [PATCH 01/12] hw/core/loader: load_at(): check size, Vladimir Sementsov-Ogievskiy, 2023/09/25
  - Re: [PATCH 01/12] hw/core/loader: load_at(): check size, Peter Maydell, 2023/09/26
    - Re: [PATCH 01/12] hw/core/loader: load_at(): check size, Vladimir Sementsov-Ogievskiy, 2023/09/26
    - Re: [PATCH 01/12] hw/core/loader: load_at(): check size, Peter Maydell, 2023/09/26
    - Re: [PATCH 01/12] hw/core/loader: load_at(): check size, Vladimir Sementsov-Ogievskiy, 2023/09/26
- [PATCH 03/12] util/filemonitor-inotify: qemu_file_monitor_watch(): avoid overflow, Vladimir Sementsov-Ogievskiy, 2023/09/25
  - Re: [PATCH 03/12] util/filemonitor-inotify: qemu_file_monitor_watch(): avoid overflow, Peter Maydell, 2023/09/26
- [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion, Vladimir Sementsov-Ogievskiy, 2023/09/25
  - Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion, Alistair Francis, 2023/09/25
    - Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion, Vladimir Sementsov-Ogievskiy <=
  - Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion, Peter Maydell, 2023/09/26
    - Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion, Vladimir Sementsov-Ogievskiy, 2023/09/26
    - Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion, Peter Maydell, 2023/09/26
- [PATCH 06/12] mc146818rtc: rtc_set_time(): initialize tm to zeroes, Vladimir Sementsov-Ogievskiy, 2023/09/25
  - Re: [PATCH 06/12] mc146818rtc: rtc_set_time(): initialize tm to zeroes, Peter Maydell, 2023/09/26
- [PATCH 08/12] block/nvme: nvme_process_completion() fix bound for cid, Vladimir Sementsov-Ogievskiy, 2023/09/25
  - Re: [PATCH 08/12] block/nvme: nvme_process_completion() fix bound for cid, Michael Tokarev, 2023/09/25
  - Re: [PATCH 08/12] block/nvme: nvme_process_completion() fix bound for cid, Peter Maydell, 2023/09/26
- [PATCH 07/12] pcie_sriov: unregister_vfs(): fix error path, Vladimir Sementsov-Ogievskiy, 2023/09/25
- [PATCH 10/12] hw/core/loader: gunzip(): initialize z_stream, Vladimir Sementsov-Ogievskiy, 2023/09/25

Prev by Date: [PATCH RFC V2 11/37] hw/acpi: Add ACPI CPU hotplug init stub
Next by Date: [PATCH RFC V2 13/37] hw/acpi: Init GED framework with cpu hotplug events
Previous by thread: Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion
Next by thread: Re: [PATCH 05/12] device_tree: qmp_dumpdtb(): stronger assertion
Index(es):
- Date
- Thread