summaryrefslogtreecommitdiffstats
path: root/qemu/roms/openbios/libopenbios
diff options
context:
space:
mode:
authorJosé Pekkarinen <jose.pekkarinen@nokia.com>2016-05-18 13:18:31 +0300
committerJosé Pekkarinen <jose.pekkarinen@nokia.com>2016-05-18 13:42:15 +0300
commit437fd90c0250dee670290f9b714253671a990160 (patch)
treeb871786c360704244a07411c69fb58da9ead4a06 /qemu/roms/openbios/libopenbios
parent5bbd6fe9b8bab2a93e548c5a53b032d1939eec05 (diff)
These changes are the raw update to qemu-2.6.
Collission happened in the following patches: migration: do cleanup operation after completion(738df5b9) Bug fix.(1750c932f86) kvmclock: add a new function to update env->tsc.(b52baab2) The code provided by the patches was already in the upstreamed version. Change-Id: I3cc11841a6a76ae20887b2e245710199e1ea7f9a Signed-off-by: José Pekkarinen <jose.pekkarinen@nokia.com>
Diffstat (limited to 'qemu/roms/openbios/libopenbios')
-rw-r--r--qemu/roms/openbios/libopenbios/bindings.c8
-rw-r--r--qemu/roms/openbios/libopenbios/bootinfo_load.c6
2 files changed, 14 insertions, 0 deletions
diff --git a/qemu/roms/openbios/libopenbios/bindings.c b/qemu/roms/openbios/libopenbios/bindings.c
index 5323421f5..4f7a99379 100644
--- a/qemu/roms/openbios/libopenbios/bindings.c
+++ b/qemu/roms/openbios/libopenbios/bindings.c
@@ -366,6 +366,14 @@ find_dev( const char *path )
return ret;
}
+char *
+get_path_from_ph( phandle_t ph )
+{
+ PUSH(ph);
+ fword("get-package-path");
+ return pop_fstr_copy();
+}
+
phandle_t
dt_iter_begin( void )
{
diff --git a/qemu/roms/openbios/libopenbios/bootinfo_load.c b/qemu/roms/openbios/libopenbios/bootinfo_load.c
index fa9e36bd4..f33678185 100644
--- a/qemu/roms/openbios/libopenbios/bootinfo_load.c
+++ b/qemu/roms/openbios/libopenbios/bootinfo_load.c
@@ -161,6 +161,12 @@ bootinfo_init_program(void)
feval("load-size");
size = POP();
+ /* Some bootinfo scripts contain a binary payload after the
+ NULL-terminated Forth string such as OS 9. Restrict our
+ size to just the Forth section, otherwise we end up trying
+ to allocate memory for the entire binary which might fail. */
+ size = strnlen(base, size);
+
bootscript = malloc(size);
if (bootscript == NULL) {
DPRINTF("Can't malloc %d bytes\n", size);