loader: Fix read_targphys() to behave when read() fails

Happily passes (size_t)-1 to rom_add_blob_fixed(), which promptly dies attempting to malloc that much. Spotted by Coverity. Bonus fix for ROMs larger than INT_MAX bytes: return ssize_t instead of int. Bug can't bite, because the only user load_aout() limits ROM size to an int value. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-11-16 19:41:56 +01:00 · 2011-11-16 19:41:56 +01:00 · 725e14e91f
parent 96d922a654
commit 725e14e91f
2 changed files with 7 additions and 6 deletions
--- a/hw/loader.c
+++ b/hw/loader.c
@ -85,11 +85,11 @@ int load_image(const char *filename, uint8_t *addr)
 }

 /* read()-like version */
-int read_targphys(const char *name,
-                  int fd, target_phys_addr_t dst_addr, size_t nbytes)
+ssize_t read_targphys(const char *name,
+                      int fd, target_phys_addr_t dst_addr, size_t nbytes)
 {
    uint8_t *buf;
-    size_t did;
+    ssize_t did;

    buf = g_malloc(nbytes);
    did = read(fd, buf, nbytes);
@ -176,7 +176,8 @@ static void bswap_ahdr(struct exec *e)
 int load_aout(const char *filename, target_phys_addr_t addr, int max_sz,
              int bswap_needed, target_phys_addr_t target_page_size)
 {
-    int fd, size, ret;
+    int fd;
+    ssize_t size, ret;
    struct exec e;
    uint32_t magic;

--- a/hw/loader.h
+++ b/hw/loader.h
@ -14,8 +14,8 @@ int load_aout(const char *filename, target_phys_addr_t addr, int max_sz,
 int load_uimage(const char *filename, target_phys_addr_t *ep,
                target_phys_addr_t *loadaddr, int *is_linux);

-int read_targphys(const char *name,
-                  int fd, target_phys_addr_t dst_addr, size_t nbytes);
+ssize_t read_targphys(const char *name,
+                      int fd, target_phys_addr_t dst_addr, size_t nbytes);
 void pstrcpy_targphys(const char *name,
                      target_phys_addr_t dest, int buf_size,
                      const char *source);