Commit ec5fd402 authored by Paolo Bonzini, committed by Michael Tokarev

pc: check for underflow in load_linux



If (setup_size+1)*512 is small enough, kernel_size -= setup_size can allocate
a huge amount of memory.  Avoid that.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
parent 16033ba5
+4 −0
@@ -985,6 +985,10 @@ static void load_linux(PCMachineState *pcms,
        setup_size = 4;
    }
    setup_size = (setup_size+1)*512;
    if (setup_size > kernel_size) {
        fprintf(stderr, "qemu: invalid kernel header\n");
        exit(1);
    }
    kernel_size -= setup_size;

    setup  = g_malloc(setup_size);
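
Review bot: the bound in `if (setup_size > kernel_size)` still accepts `setup_size == kernel_size`, so `kernel_size -= setup_size` leaves a zero-length kernel payload for the code that follows; if an image with nothing after the setup sectors is also invalid, make the comparison `>=`, otherwise add a comment saying zero is intended. The message "qemu: invalid kernel header" would be easier to act on if it printed both sizes. The declarations of `setup_size` and `kernel_size` are outside the hunk, so please confirm that both operands have the same signedness, since a signed/unsigned mix would change how this comparison behaves for a negative `kernel_size`.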