From: Ian Jackson Date: Wed, 14 May 2008 13:45:40 +0000 (+0100) Subject: Merge branch 'origin' X-Git-Tag: xen-3.3.0-rc1~194^2 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=a1fa7745c08f26aee821df61f0dca2dcb48abbb7;p=qemu-xen-3.4-testing.git Merge branch 'origin' Conflicts: hw/ide.c hw/pc.c loader.c osdep.c osdep.h qemu-common.h (All easily resolved.) --- a1fa7745c08f26aee821df61f0dca2dcb48abbb7 diff --cc loader.c index 813756e9,289ba0f0..dcb5a6bf --- a/loader.c +++ b/loader.c @@@ -125,18 -205,22 +204,22 @@@ int load_aout(const char *filename, tar case ZMAGIC: case QMAGIC: case OMAGIC: + if (e.a_text + e.a_data > max_sz) + goto fail; lseek(fd, N_TXTOFF(e), SEEK_SET); - size = qemu_read(fd, addr, e.a_text + e.a_data); + size = read_targphys(fd, addr, e.a_text + e.a_data); - if (size < 0) + if (size != e.a_text + e.a_data) goto fail; break; case NMAGIC: + if (N_DATADDR(e) + e.a_data > max_sz) + goto fail; lseek(fd, N_TXTOFF(e), SEEK_SET); - size = qemu_read(fd, addr, e.a_text); + size = read_targphys(fd, addr, e.a_text); - if (size < 0) + if (size != e.a_text) goto fail; - ret = qemu_read(fd, addr + N_DATADDR(e), e.a_data); + ret = read_targphys(fd, addr + N_DATADDR(e), e.a_data); - if (ret < 0) + if (ret != e.a_data) goto fail; size += ret; break; diff --cc qemu-common.h index 66756bf7,a2461446..964e203a --- a/qemu-common.h +++ b/qemu-common.h @@@ -86,17 -86,14 +86,25 @@@ int strstart(const char *str, const cha int stristart(const char *str, const char *val, const char **ptr); time_t mktimegm(struct tm *tm); +#define CTYPE(isfoobar,argumentchar) (isfoobar((unsigned char)(argumentchar))) + /* One must not pass a plain `char' to isupper, toupper, et al. If + * it has the top bit set (ie, is negative if your chars are + * signed), undefined behaviour results. The functions + * are defined to take the value of an unsigned char, as an int. + * So use this macro. You may pass toupper et al for isfoobar. + * Do not pass EOF as a character to this macro. 
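Review bot: The new size checks in load_aout add header fields before comparing the result with max_sz, so a sum that wraps can pass the check. In the NMAGIC case `N_DATADDR(e) + e.a_data > max_sz` guards a later `read_targphys(fd, addr + N_DATADDR(e), e.a_data)` that uses the operands separately; if a_text and a_data are 32-bit unsigned fields read from the image header (their declarations are not in this hunk), a very large a_data yields a small sum while the requested length stays large. Comparing by subtraction avoids this: `if (e.a_data > max_sz || N_DATADDR(e) > max_sz - e.a_data) goto fail;`, and likewise `if (e.a_text > max_sz || e.a_data > max_sz - e.a_text) goto fail;` for the ZMAGIC/QMAGIC/OMAGIC case. The return value of `lseek` is also still ignored in both cases, so a failed seek is only caught indirectly by the length comparison. load_aout begins and ends outside the hunk, so the type of max_sz and the behaviour of the fail path are assumed here, not seen.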
If you might have + * EOF then you ought to have it in an int representing an unsigned + * char, which is safe for the ctype macros directly. Or test separately. + * Obviously don't use this for floating point things like isnan! */ + + void *qemu_malloc(size_t size); + void *qemu_mallocz(size_t size); + void qemu_free(void *ptr); + char *qemu_strdup(const char *str); + + void *get_mmap_addr(unsigned long size); + + /* Error handling. */ void hw_error(const char *fmt, ...)