This patch fixes a possible integer overflow when we calculate
the total size of ELF segments loaded.
Reported-by: Coverity (CID 1405299)
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <
20190910124828.39794-1-sgarzare@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
return "The image is from incompatible architecture";
case ELF_LOAD_WRONG_ENDIAN:
return "The image has incorrect endianness";
+ case ELF_LOAD_TOO_BIG:
+ return "The image segments are too big to load";
default:
return "Unknown error";
}
}
}
+ if (mem_size > INT_MAX - total_size) {
+ ret = ELF_LOAD_TOO_BIG;
+ goto fail;
+ }
+
/* address_offset is hack for kernel images that are
linked at the wrong physical address. */
if (translate_fn) {
#define ELF_LOAD_NOT_ELF -2
#define ELF_LOAD_WRONG_ARCH -3
#define ELF_LOAD_WRONG_ENDIAN -4
+#define ELF_LOAD_TOO_BIG -5
const char *load_elf_strerror(int error);
/** load_elf_ram_sym:
projects / qemu-xen.git / commitdiff