aboutsummaryrefslogtreecommitdiff
path: root/hw/i386
diff options
context:
space:
mode:
authorMarkus Armbruster <armbru@redhat.com>2013-07-31 15:11:12 +0200
committerAnthony Liguori <anthony@codemonkey.ws>2013-09-12 11:45:32 -0500
commit7f87af39dc786a979e7ebba338d0781e366060ed (patch)
tree887d5456331af37a1cb007cc0ca731a162da97ac /hw/i386
parent39228250ce6cf67eb1c3799791d271f53c5c6347 (diff)
downloadqemu-7f87af39dc786a979e7ebba338d0781e366060ed.zip
qemu-7f87af39dc786a979e7ebba338d0781e366060ed.tar.gz
qemu-7f87af39dc786a979e7ebba338d0781e366060ed.tar.bz2
pc_sysfw: Fix ISA BIOS init for ridiculously big flash
pc_isa_bios_init() suffers integer overflow for flash larger than INT_MAX. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-id: 1375276272-15988-9-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
Diffstat (limited to 'hw/i386')
-rw-r--r--hw/i386/pc_sysfw.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 8246a1b..e917c83 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -53,10 +53,7 @@ static void pc_isa_bios_init(MemoryRegion *rom_memory,
flash_size = memory_region_size(flash_mem);
/* map the last 128KB of the BIOS in ISA space */
- isa_bios_size = flash_size;
- if (isa_bios_size > (128 * 1024)) {
- isa_bios_size = 128 * 1024;
- }
+ isa_bios_size = MIN(flash_size, 128 * 1024);
isa_bios = g_malloc(sizeof(*isa_bios));
memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size);
vmstate_register_ram_global(isa_bios);