diff options
author | Markus Armbruster <armbru@redhat.com> | 2011-11-16 19:41:56 +0100 |
---|---|---|
committer | Blue Swirl <blauwirbel@gmail.com> | 2011-11-19 11:23:42 +0000 |
commit | 725e14e91f80b6b2c07b75b66b7b042a9fa9340c (patch) | |
tree | 093a3bfc53e586113b29cd69702cf8b9150f9c4b /hw/loader.h | |
parent | 96d922a654f4b5a806af43d6dc6fa7c1becbbac6 (diff) | |
download | qemu-725e14e91f80b6b2c07b75b66b7b042a9fa9340c.zip qemu-725e14e91f80b6b2c07b75b66b7b042a9fa9340c.tar.gz qemu-725e14e91f80b6b2c07b75b66b7b042a9fa9340c.tar.bz2 |
loader: Fix read_targphys() to behave when read() fails
Happily passes (size_t)-1 to rom_add_blob_fixed(), which promptly dies
attempting to malloc that much. Spotted by Coverity.
Bonus fix for ROMs larger than INT_MAX bytes: return ssize_t instead
of int. Bug can't bite, because the only user load_aout() limits ROM
size to an int value.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Diffstat (limited to 'hw/loader.h')
-rw-r--r-- | hw/loader.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/loader.h b/hw/loader.h index fc6bdff..fbcaba9 100644 --- a/hw/loader.h +++ b/hw/loader.h @@ -14,8 +14,8 @@ int load_aout(const char *filename, target_phys_addr_t addr, int max_sz, int load_uimage(const char *filename, target_phys_addr_t *ep, target_phys_addr_t *loadaddr, int *is_linux); -int read_targphys(const char *name, - int fd, target_phys_addr_t dst_addr, size_t nbytes); +ssize_t read_targphys(const char *name, + int fd, target_phys_addr_t dst_addr, size_t nbytes); void pstrcpy_targphys(const char *name, target_phys_addr_t dest, int buf_size, const char *source); |