Thanks, applied.
On Wed, Nov 16, 2011 at 18:41, Markus Armbruster wrote:
> Happily passes (size_t)-1 to rom_add_blob_fixed(), which promptly dies
> attempting to malloc that much. Spotted by Coverity.
>
> Bonus fix for ROMs larger than INT_MAX bytes: return ssize_t instead
> of int. Bug can't b
Happily passes (size_t)-1 to rom_add_blob_fixed(), which promptly dies
attempting to malloc that much. Spotted by Coverity.
Bonus fix for ROMs larger than INT_MAX bytes: return ssize_t instead
of int. Bug can't bite, because the only user load_aout() limits ROM
size to an int value.
Signed-off-
