From 502442eae625ab550ec2f3b7cb4086f84b6fdb73 Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@redhat.com>
Date: Wed, 18 Sep 2013 09:31:09 +0200
Subject: [PATCH 25/29] pc_sysfw: Fix ISA BIOS init for ridiculously big flash

RH-Author: Markus Armbruster <armbru@redhat.com>
Message-id: <1379496669-22778-9-git-send-email-armbru@redhat.com>
Patchwork-id: 54427
O-Subject: [PATCH 7.0 qemu-kvm 8/8] pc_sysfw: Fix ISA BIOS init for ridiculously big flash
Bugzilla: 1009328
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>

From: Markus Armbruster <armbru@redhat.com>

pc_isa_bios_init() suffers integer overflow for flash larger than
INT_MAX.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-id: 1375276272-15988-9-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
(cherry picked from commit 7f87af39dc786a979e7ebba338d0781e366060ed)
---
 hw/block/pc_sysfw.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/block/pc_sysfw.c |    5 +----
 1 files changed, 1 insertions(+), 4 deletions(-)

diff --git a/hw/block/pc_sysfw.c b/hw/block/pc_sysfw.c
index 2bbedc9..4e3e6b6 100644
--- a/hw/block/pc_sysfw.c
+++ b/hw/block/pc_sysfw.c
@@ -54,10 +54,7 @@ static void pc_isa_bios_init(MemoryRegion *rom_memory,
     flash_size = memory_region_size(flash_mem);
 
     /* map the last 128KB of the BIOS in ISA space */
-    isa_bios_size = flash_size;
-    if (isa_bios_size > (128 * 1024)) {
-        isa_bios_size = 128 * 1024;
-    }
+    isa_bios_size = MIN(flash_size, 128 * 1024);
     isa_bios = g_malloc(sizeof(*isa_bios));
     memory_region_init_ram(isa_bios, "isa-bios", isa_bios_size);
     vmstate_register_ram_global(isa_bios);
-- 
1.7.1