eif: cope with huge section offsets
Check for overflow to avoid that fseek() receives a sign-extended value. Cc: Dorjoy Chowdhury <dorjoychy111@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent
8fa11a4df3
commit
619d144751
@ -466,6 +466,10 @@ bool read_eif_file(const char *eif_path, const char *machine_initrd,
|
|||||||
EifSectionHeader hdr;
|
EifSectionHeader hdr;
|
||||||
uint16_t section_type;
|
uint16_t section_type;
|
||||||
|
|
||||||
|
if (eif_header.section_offsets[i] > OFF_MAX) {
|
||||||
|
error_setg(errp, "Invalid EIF image. Section offset out of bounds");
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
if (fseek(f, eif_header.section_offsets[i], SEEK_SET) != 0) {
|
if (fseek(f, eif_header.section_offsets[i], SEEK_SET) != 0) {
|
||||||
error_setg_errno(errp, errno, "Failed to offset to %" PRIu64 " in EIF file",
|
error_setg_errno(errp, errno, "Failed to offset to %" PRIu64 " in EIF file",
|
||||||
eif_header.section_offsets[i]);
|
eif_header.section_offsets[i]);
|
||||||
|
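Review bot: The new guard bounds `eif_header.section_offsets[i]` by `OFF_MAX`, but the `fseek()` call right below it takes a `long` offset, not an `off_t`. On a host where `off_t` is 64-bit and `long` is 32-bit, an offset between `LONG_MAX` and `OFF_MAX` passes the check and is still truncated or sign-extended at the call. The offset comes from the EIF image header, so it is file-controlled input and the checked type should match the seek type. Either compare against `LONG_MAX`, or switch the call to `fseeko(f, (off_t)eif_header.section_offsets[i], SEEK_SET)`. The body of read_eif_file starts and ends outside this hunk, so whether its other seeks and size fields need the same bound cannot be judged from here.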
@ -297,6 +297,10 @@ void QEMU_ERROR("code path is reachable")
|
|||||||
#error building with G_DISABLE_ASSERT is not supported
|
#error building with G_DISABLE_ASSERT is not supported
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef OFF_MAX
|
||||||
|
#define OFF_MAX (sizeof (off_t) == 8 ? INT64_MAX : INT32_MAX)
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef O_LARGEFILE
|
#ifndef O_LARGEFILE
|
||||||
#define O_LARGEFILE 0
|
#define O_LARGEFILE 0
|
||||||
#endif
|
#endif
|
||||||
|
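Review bot: The fallback `OFF_MAX` definition has no comment, and it has two properties a caller should know about. It is a `sizeof` expression, so it cannot be used in `#if`, and it yields `INT32_MAX` for any `off_t` width other than 8 bytes. I would add `/* Largest value an off_t can hold; not usable in #if. Bounds off_t only, not the long taken by fseek(). */` above the `#ifndef`. A build-time check such as `QEMU_BUILD_BUG_ON(sizeof(off_t) != 4 && sizeof(off_t) != 8);` would also pin the width assumption, provided that macro is already in scope at this point in the header.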