From 502442eae625ab550ec2f3b7cb4086f84b6fdb73 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 18 Sep 2013 09:31:09 +0200 Subject: [PATCH 25/29] pc_sysfw: Fix ISA BIOS init for ridiculously big flash RH-Author: Markus Armbruster Message-id: <1379496669-22778-9-git-send-email-armbru@redhat.com> Patchwork-id: 54427 O-Subject: [PATCH 7.0 qemu-kvm 8/8] pc_sysfw: Fix ISA BIOS init for ridiculously big flash Bugzilla: 1009328 RH-Acked-by: Paolo Bonzini RH-Acked-by: Laszlo Ersek RH-Acked-by: Miroslav Rezanina From: Markus Armbruster pc_isa_bios_init() suffers integer overflow for flash larger than INT_MAX. Signed-off-by: Markus Armbruster Acked-by: Laszlo Ersek Acked-by: Stefano Stabellini Acked-by: Christian Borntraeger Message-id: 1375276272-15988-9-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori (cherry picked from commit 7f87af39dc786a979e7ebba338d0781e366060ed) --- hw/block/pc_sysfw.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) Signed-off-by: Miroslav Rezanina --- hw/block/pc_sysfw.c | 5 +---- 1 files changed, 1 insertions(+), 4 deletions(-) diff --git a/hw/block/pc_sysfw.c b/hw/block/pc_sysfw.c index 2bbedc9..4e3e6b6 100644 --- a/hw/block/pc_sysfw.c +++ b/hw/block/pc_sysfw.c @@ -54,10 +54,7 @@ static void pc_isa_bios_init(MemoryRegion *rom_memory, flash_size = memory_region_size(flash_mem); /* map the last 128KB of the BIOS in ISA space */ - isa_bios_size = flash_size; - if (isa_bios_size > (128 * 1024)) { - isa_bios_size = 128 * 1024; - } + isa_bios_size = MIN(flash_size, 128 * 1024); isa_bios = g_malloc(sizeof(*isa_bios)); memory_region_init_ram(isa_bios, "isa-bios", isa_bios_size); vmstate_register_ram_global(isa_bios); -- 1.7.1