On Fri, 30 Nov 2018 at 15:20, Peter Maydell <peter.mayd...@linaro.org> wrote:
>
> This patchset removes the load_image() function, which we noted
> in a comment as being deprecated in 2008 but were still using
> in a handful of places. All the use cases are bugs of some
> kind or another, either straightforward "no length checking
> at all" or "doesn't cope with the file getting larger between
> get_image_size()'s length check and the read in load_image()".
> IRC consensus was that this doesn't rise to the level of a
> security issue since the images being loaded should either
> be trusted or the management layer app should be fencing things
> off to ensure they don't change underfoot.
>
> The replacement is either:
> * g_file_get_contents(), in places where we were previously
> explicitly g_malloc()ing a buffer to load the image
> * load_image_size(), in places where we load the image
> into a pre-existing buffer, MemoryRegion, etc
>
> The final patch in the series adds a documentation comment
> for load_image_size().
I'm putting together a pullreq with some of the miscellaneous cleanup patches I've sent out during codefreeze. I'm going to add this series to it, with this squashed into patch 5: @@ -982,7 +982,7 @@ static void load_linux(PCMachineState *pcms, if (initrd_size >= initrd_max) { fprintf(stderr, "qemu: initrd is too large, cannot support." "(max: %"PRIu32", need %"PRId64")\n", - initrd_max, initrd_size); + initrd_max, (uint64_t)initrd_size); exit(1); } and the commit message tweaks Eric requested to mention when error-checking was added. thanks -- PMM
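Review bot: the squashed cast in the load_linux() fprintf hunk pairs a `uint64_t` argument with the signed `PRId64` conversion; either cast to `(int64_t)initrd_size` to match `PRId64`, or keep `(uint64_t)initrd_size` and change the format to `PRIu64` (the neighbouring `initrd_max` already uses the unsigned `PRIu32`), so that format and argument types agree rather than merely having the same width. While touching that line, note that the two adjacent string literals `"qemu: initrd is too large, cannot support."` and `"(max: %"PRIu32", need %"PRId64")\n"` concatenate with no separating space, so the message reads `cannot support.(max: ...`.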
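The two bug shapes the series describes, "no length checking at all" and "file grows between get_image_size()'s check and the read", share one root cause: the buffer is sized from a look at the file, and the later read trusts that size instead of the buffer. The following is an added illustration, not code from QEMU or from this patch series; `image_size_hint()` and `load_image_bounded()` are hypothetical names modelled on the thread's description of get_image_size() and load_image_size(), and the 16-byte "image" is a constructed temp file rather than a real firmware or initrd. It replays the race by growing the file between the size check and the load, and shows that a loader bounded by the destination buffer rejects the grown file instead of overrunning the buffer.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for a get_image_size()-style helper: report the
 * file's current size. Anything derived from this value is only a hint,
 * because the file can change before it is read. */
static off_t image_size_hint(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? st.st_size : (off_t)-1;
}

/* Hypothetical bounded loader in the spirit of load_image_size(): read at
 * most max_size bytes into the caller's buffer and return the count, or -1
 * if the file holds more than max_size bytes (or a read fails). The bound
 * comes from the buffer, not from an earlier size check, so a file that
 * grows underfoot is rejected instead of overrunning addr. */
static ssize_t load_image_bounded(int fd, void *addr, size_t max_size)
{
    uint8_t *p = addr;
    size_t total = 0;

    if (lseek(fd, 0, SEEK_SET) < 0) {
        return -1;
    }
    while (total < max_size) {
        ssize_t n = read(fd, p + total, max_size - total);
        if (n < 0) {
            if (errno == EINTR) {
                continue;
            }
            return -1;
        }
        if (n == 0) {
            return (ssize_t)total;          /* EOF inside the buffer */
        }
        total += (size_t)n;
    }
    /* Buffer is full. Probe for one more byte: if the file has any, it does
     * not fit, and silently truncating would hide a corrupt load. */
    for (;;) {
        uint8_t extra;
        ssize_t n = read(fd, &extra, 1);
        if (n < 0 && errno == EINTR) {
            continue;
        }
        return n == 0 ? (ssize_t)total : -1;
    }
}

/* Replays the race described in the thread on a constructed temp file:
 * size the buffer from a first look at the file, let the file grow by
 * grow_by bytes, then load into that buffer. Returns the loader's result
 * (16 when nothing changed, -1 when the file grew), -2 on setup failure,
 * or -3 if the loaded bytes do not match what was written. */
static ssize_t demo_grow_between_check_and_load(int grow_by)
{
    static const uint8_t image[16] = "QEMU-TEST-IMAGE!";   /* constructed image */
    FILE *f = tmpfile();
    ssize_t got;

    if (f == NULL) {
        return -2;
    }
    int fd = fileno(f);
    if (write(fd, image, sizeof image) != (ssize_t)sizeof image) {
        fclose(f);
        return -2;
    }
    off_t hint = image_size_hint(fd);               /* 1: size check */
    if (hint != (off_t)sizeof image) {
        fclose(f);
        return -2;
    }
    uint8_t *buf = malloc((size_t)hint);
    if (buf == NULL) {
        fclose(f);
        return -2;
    }
    for (int i = 0; i < grow_by; i++) {              /* 2: file changes underfoot */
        if (write(fd, "X", 1) != 1) {
            free(buf);
            fclose(f);
            return -2;
        }
    }
    got = load_image_bounded(fd, buf, (size_t)hint); /* 3: load into buffer from 1 */
    if (got == (ssize_t)sizeof image && memcmp(buf, image, sizeof image) != 0) {
        got = -3;
    }
    free(buf);
    fclose(f);
    return got;
}

int main(void)
{
    printf("unchanged file: %zd\n", demo_grow_between_check_and_load(0));
    printf("file grew by 8: %zd\n", demo_grow_between_check_and_load(8));
    return 0;
}
```

The design point is that the loader never consults the size hint: it reads until the buffer is full and then probes for one more byte, so the only way to overrun is for the caller to pass a max_size larger than the buffer, which is the same contract load_image_size() documents for its callers. Truncating silently to max_size would also be "safe" for memory, but it would hand the guest a cut-off image, which is why the example treats a non-fitting file as an error.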