pc_isa_bios_init() suffers integer overflow for flash larger than INT_MAX. Signed-off-by: Markus Armbruster <arm...@redhat.com> --- hw/block/pc_sysfw.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/hw/block/pc_sysfw.c b/hw/block/pc_sysfw.c
index 412d1b0..aebefc9 100644
--- a/hw/block/pc_sysfw.c
+++ b/hw/block/pc_sysfw.c
@@ -54,10 +54,7 @@ static void pc_isa_bios_init(MemoryRegion *rom_memory,
     flash_size = memory_region_size(flash_mem);
     /* map the last 128KB of the BIOS in ISA space */
-    isa_bios_size = flash_size;
-    if (isa_bios_size > (128 * 1024)) {
-        isa_bios_size = 128 * 1024;
-    }
+    isa_bios_size = MIN(flash_size, 128 * 1024);
     isa_bios = g_malloc(sizeof(*isa_bios));
     memory_region_init_ram(isa_bios, "isa-bios", isa_bios_size);
     vmstate_register_ram_global(isa_bios);
-- 
1.7.11.7
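Review bot: The fix is only sound because MIN() performs the comparison in flash_size's own (presumably 64-bit) type before the narrowing assignment to isa_bios_size, whose declaration lies outside the hunk; nothing on the added line records that, so a later change to either declaration could silently reintroduce the truncation the commit message describes. A why-comment on the added line would preserve the reasoning, e.g. `/* compare in flash_size's width: result is <= 128K, so it fits isa_bios_size */`. The `128 * 1024` limit is also repeated in the comment just above; a named constant would keep the two in step. pc_isa_bios_init's body continues on both sides of the hunk.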