Multiboot patches

-----BEGIN PGP SIGNATURE----- iQIcBAABAgAGBQJasm5sAAoJEH8JsnLIjy/WQIoP/i+eMqx3JyaHneycZX5oooqF JHjMWTlCBrVqlj0bozmgV5moya8Crg7TbpdRCWoyQuHpWz/mLIWaY6R0rx688/A1 WsuYHeC853+6Uq/tXEaajfKK1o/AVdOQYsM5rGtKJ3kvzJfUPiVHy+8R0fvWaAvB cSONmgk+gsxL6NT+ltYEPMz6cZL9xZbRRPLX8gCAVSlOM51ESJaRwD8dtUkypM2M Ej7P1b1ukarhgZj0UmDlgDAF5HBvLOiJszabh4jmzFQYwCW3ed5sVLyFLbLmxzz+ yO8iMdvh7lw8Q0krbArXyrEjuBvdUee3deveZ63hXpWKtR4K35Zysg/axWRj1RhX lsjJtcay13rwp6MMRXM16rvjI44Nrdjqsrl8aTPd9ISUDDRpfNRk6eAlusBQ+Udr Sqdevf6c5oIufqWtAfXsfP4T58Lt92mi9fO3+TbtREF1c20zP6I1XDSFdZuA+BtQ Cl92rIRmhTp1n4VFMMjvl3d0b9pbZrdeYrbXgGeE6FXiHAjeSzVLAk7QTJuKRGUW TcxlVmcpA2igfSBrniIqNZF66T17eWwJi3iqzzeCMudEdP5ETx9Hg0eCuFpgK5Kg PEcVDlmvaspztmn6Q/jJepNa8Mu2bbmt7xaCYRtymzIQinfOkmzDfC5DgqMagayC LQDy7zqq4KA26gzUAH2z =xuRL -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Multiboot patches # gpg: Signature made Wed 21 Mar 2018 14:38:36 GMT # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: tests/multiboot: Add .gitignore tests/multiboot: Add tests for the a.out kludge tests/multiboot: Test exit code for every qemu run multiboot: Check validity of mh_header_addr multiboot: Reject kernels exceeding the address space Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2025-08-08 18:23:57 -06:00 · 2018-03-22 14:01:29 +00:00 · 2018-03-22 14:01:29 +00:00 · 211d626020
commit 211d626020
parent 99728ba3ec e2679395d5
6 changed files with 227 additions and 20 deletions
--- a/hw/i386/multiboot.c
+++ b/hw/i386/multiboot.c
@ -229,6 +229,10 @@ int load_multiboot(FWCfgState *fw_cfg,
            error_report("invalid load_addr address");
            exit(1);
        }
+        if (mh_header_addr - mh_load_addr > i) {
+            error_report("invalid header_addr address");
+            exit(1);
+        }

        uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
        uint32_t mb_load_size = 0;
@ -247,6 +251,10 @@ int load_multiboot(FWCfgState *fw_cfg,
            }
            mb_load_size = kernel_file_size - mb_kernel_text_offset;
        }
+        if (mb_load_size > UINT32_MAX - mh_load_addr) {
+            error_report("kernel does not fit in address space");
+            exit(1);
+        }
        if (mh_bss_end_addr) {
            if (mh_bss_end_addr < (mh_load_addr + mb_load_size)) {
                error_report("invalid bss_end_addr address");