Merge "These changes are the raw update to qemu-2.6."

author: Don Dugger <n0ano@n0ano.com> 2016-06-03 03:33:22 +0000
committer: Gerrit Code Review <gerrit@172.30.200.206> 2016-06-03 03:33:23 +0000
commit: da27230f80795d0028333713f036d44c53cb0e68 (patch)
tree: b3d379eaf000adf72b36cb01cdf4d79c3e3f064c /qemu/roms/openbios/libopenbios/bootinfo_load.c
parent: 0e68cb048bb8aadb14675f5d4286d8ab2fc35449 (diff)
parent: 437fd90c0250dee670290f9b714253671a990160 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/qemu/roms/openbios/libopenbios/bootinfo_load.c b/qemu/roms/openbios/libopenbios/bootinfo_load.c
index fa9e36bd4..f33678185 100644
--- a/qemu/roms/openbios/libopenbios/bootinfo_load.c
+++ b/qemu/roms/openbios/libopenbios/bootinfo_load.c
@@ -161,6 +161,12 @@ bootinfo_init_program(void)
 	feval("load-size");
 	size = POP();
 
+	/* Some bootinfo scripts contain a binary payload after the
+	   NULL-terminated Forth string such as OS 9. Restrict our
+	   size to just the Forth section, otherwise we end up trying
+	   to allocate memory for the entire binary which might fail. */
+	size = strnlen(base, size);
+
 	bootscript = malloc(size);
 	if (bootscript == NULL) {
 		DPRINTF("Can't malloc %d bytes\n", size);
author	Don Dugger <n0ano@n0ano.com>	2016-06-03 03:33:22 +0000
committer	Gerrit Code Review <gerrit@172.30.200.206>	2016-06-03 03:33:23 +0000
commit	da27230f80795d0028333713f036d44c53cb0e68 (patch)
tree	b3d379eaf000adf72b36cb01cdf4d79c3e3f064c /qemu/roms/openbios/libopenbios/bootinfo_load.c
parent	0e68cb048bb8aadb14675f5d4286d8ab2fc35449 (diff)
parent	437fd90c0250dee670290f9b714253671a990160 (diff)