Commit 7686f6b6 authored by Michael Tokarev's avatar Michael Tokarev

device_tree-don-t-use-load_image-CVE-2018-20815.patch

parent 332e2b64
From: Peter Maydell <peter.maydell@linaro.org>
Date: Fri, 14 Dec 2018 13:30:52 +0000
Subject: device_tree.c: Don't use load_image() (CVE-2018-20815)
Commit-Id: da885fe1ee8b4589047484bd7fa05a4905b52b17
The load_image() function is deprecated, as it does not let the
caller specify how large the buffer to read the file into is.
Instead use load_image_size().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20181130151712.2312-9-peter.maydell@linaro.org
---
device_tree.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/device_tree.c b/device_tree.c
index 6d9c9726f66..296278e12ae 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
/* First allocate space in qemu for device tree */
fdt = g_malloc0(dt_size);
- dt_file_load_size = load_image(filename_path, fdt);
+ dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
if (dt_file_load_size < 0) {
error_report("Unable to open device tree file '%s'",
filename_path);
--
2.11.0
......@@ -8,3 +8,4 @@ scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
i2c-ddc-fix-oob-read-CVE-2019-3812.patch
slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
device_tree-don-t-use-load_image-CVE-2018-20815.patch
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment