Message ID | 1496675657-11599-1-git-send-email-peter.maydell@linaro.org |
---|---|
State | Superseded |
Headers | show |
On Mon, Jun 05, 2017 at 04:14:17PM +0100, Peter Maydell wrote: > The blk_getlength() function can return an error value if the > image size cannot be determined. Check for this rather than > ploughing on and trying to g_malloc0() a negative number. > (Spotted by Coverity, CID 1288484.) > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Applied to ppc-for-2.10, thanks. > --- > hw/nvram/spapr_nvram.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/hw/nvram/spapr_nvram.c b/hw/nvram/spapr_nvram.c > index aa5d2c1..bc355a4 100644 > --- a/hw/nvram/spapr_nvram.c > +++ b/hw/nvram/spapr_nvram.c > @@ -144,7 +144,15 @@ static void spapr_nvram_realize(VIOsPAPRDevice *dev, Error **errp) > int ret; > > if (nvram->blk) { > - nvram->size = blk_getlength(nvram->blk); > + int64_t len = blk_getlength(nvram->blk); > + > + if (len < 0) { > + error_setg_errno(errp, -len, > + "could not get length of backing image"); > + return; > + } > + > + nvram->size = len; > > ret = blk_set_perm(nvram->blk, > BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
diff --git a/hw/nvram/spapr_nvram.c b/hw/nvram/spapr_nvram.c index aa5d2c1..bc355a4 100644 --- a/hw/nvram/spapr_nvram.c +++ b/hw/nvram/spapr_nvram.c @@ -144,7 +144,15 @@ static void spapr_nvram_realize(VIOsPAPRDevice *dev, Error **errp) int ret; if (nvram->blk) { - nvram->size = blk_getlength(nvram->blk); + int64_t len = blk_getlength(nvram->blk); + + if (len < 0) { + error_setg_errno(errp, -len, + "could not get length of backing image"); + return; + } + + nvram->size = len; ret = blk_set_perm(nvram->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
The blk_getlength() function can return an error value if the image size cannot be determined. Check for this rather than ploughing on and trying to g_malloc0() a negative number. (Spotted by Coverity, CID 1288484.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/nvram/spapr_nvram.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) -- 2.7.4