Git Repo - qemu.git/commit
fw_cfg: Splash image loader can overrun a stack variable, fix
author Markus Armbruster <[email protected]>
Wed, 23 Jan 2013 17:25:08 +0000 (18:25 +0100)
committer Blue Swirl <[email protected]>
Sat, 26 Jan 2013 13:23:33 +0000 (13:23 +0000)
commit d09acb9b5ef0bb4fa94d3d459919a6ebaf8804bc
tree 3ab5a8bc33f0856f130c055b1c1eba2e7585ce9a
parent a6e7c18476f5383720b3f57ef4f467b2e7c2565e
fw_cfg: Splash image loader can overrun a stack variable, fix

read_splashfile() passes the address of an int variable as size_t *
parameter to g_file_get_contents(), with a cast to gag the compiler.

No problem on machines where sizeof(size_t) == sizeof(int).

Happens to work on my x86_64 box (64 bit little endian): the least
significant 32 bits of the file size end up in the right place
(caller's variable file_size), and the most significant 32 bits
clobber a place that gets assigned to before its next use (caller's
variable file_type).

I'd expect it to break on a 64 bit big-endian box.

Fix up the variable types and drop the problematic cast.

Signed-off-by: Markus Armbruster <[email protected]>
Reviewed-by: Laszlo Ersek <[email protected]>
Signed-off-by: Blue Swirl <[email protected]>
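As an added illustration (not QEMU's code and not part of the commit), the following C program models the mismatch the commit message describes: a callee that writes a size_t through a pointer which really points at an int, with another int sitting next to it. The struct layouts, fake_get_contents(), FILE_TYPE_SENTINEL and DEMO_LEN are assumptions made for the demonstration; the offending store is emulated with memcpy over the frame's bytes so the program stays well-defined C while showing which bytes land in file_size and which spill into file_type on the host it runs on.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical caller frame, modelled on the commit message: the int whose
 * address was passed as size_t * sits right before another int. The real
 * stack layout is whatever the compiler chose; this struct just makes the
 * adjacency explicit and the demonstration deterministic. */
struct buggy_frame {
    int file_size;   /* &file_size was cast to (size_t *) for the callee */
    int file_type;   /* neighbour that absorbs the other half of the store */
};

/* Layout after the fix: the length variable has the type the callee writes. */
struct fixed_frame {
    size_t file_size;
    int file_type;
};

#define FILE_TYPE_SENTINEL 0x7777  /* lets us see whether file_type was touched */

/* Stand-in for g_file_get_contents(): it writes the length through a size_t *. */
static void fake_get_contents(size_t *length_out, size_t file_len)
{
    *length_out = file_len;
}

static int is_little_endian(void)
{
    uint16_t probe = 1;
    unsigned char first_byte;
    memcpy(&first_byte, &probe, 1);
    return first_byte == 1;
}

_Static_assert(sizeof(size_t) <= sizeof(struct buggy_frame),
               "demo assumes the size_t store fits inside the two-int frame");

/* Buggy pattern. The effect of `*(size_t *)&f.file_size = len` is emulated
 * with memcpy over the frame's bytes, so the demonstration itself stays
 * well-defined C while reproducing exactly which bytes land where. */
static struct buggy_frame buggy_read(size_t file_len)
{
    struct buggy_frame f = { 0, FILE_TYPE_SENTINEL };
    size_t len = 0;
    fake_get_contents(&len, file_len);
    memcpy(&f, &len, sizeof len);   /* sizeof(size_t) bytes onto an int-sized slot */
    return f;
}

/* Fixed pattern: matching types, so no cast and no spill into file_type. */
static struct fixed_frame fixed_read(size_t file_len)
{
    struct fixed_frame f = { 0, FILE_TYPE_SENTINEL };
    fake_get_contents(&f.file_size, file_len);
    return f;
}

/* 1 if the buggy pattern disturbed the neighbouring variable on this host. */
static int buggy_clobbers_neighbour(size_t file_len)
{
    return buggy_read(file_len).file_type != FILE_TYPE_SENTINEL;
}

/* A length with bit 32 set where size_t is 64-bit; collapses to plain 2 on a
 * 32-bit size_t (the double shift keeps the expression defined there). */
#define DEMO_LEN ((((size_t)1 << 16) << 16) | 2)

int main(void)
{
    struct buggy_frame b = buggy_read(DEMO_LEN);
    struct fixed_frame x = fixed_read(DEMO_LEN);

    printf("sizeof(size_t)=%zu, %s-endian\n", sizeof(size_t),
           is_little_endian() ? "little" : "big");
    printf("buggy: file_size=%d file_type=0x%x (%s)\n", b.file_size, b.file_type,
           buggy_clobbers_neighbour(DEMO_LEN) ? "clobbered" : "intact");
    printf("fixed: file_size=%zu file_type=0x%x\n", x.file_size, x.file_type);
    return 0;
}
```

On a 64-bit little-endian host (the x86_64 case in the message) the buggy variant reports file_size=2 and file_type=0x1: the low half of the length lands in the intended variable and the high half overwrites its neighbour, which only "works" because the real caller reassigns file_type before reading it. On a 64-bit big-endian host the halves swap, so file_size receives the wrong value outright; where sizeof(size_t) == sizeof(int) nothing spills. The fixed variant gives the callee a variable of the type it writes, which is the whole substance of the commit. Compile-time type checking is the cheap detector here: the cast that silences the warning is the thing to grep for in review.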
hw/fw_cfg.c
include/sysemu/sysemu.h
vl.c