Git Repo - qemu.git/commitdiff
roms: assert if max rom size is less than the used size
author Igor Mammedov <[email protected]>
Thu, 11 Apr 2019 11:28:18 +0000 (13:28 +0200)
committer Paolo Bonzini <[email protected]>
Wed, 15 May 2019 09:56:53 +0000 (11:56 +0200)
It would ensure that we would notice an attempt to write beyond
the allocated buffer. In case of MemoryRegion backed ROM it's
the host buffer and the guest RAM otherwise.

assert can be triggered with:
  dd if=/dev/zero of=/tmp/blob bs=63k count=1
  qemu-system-x86_64 `for  i in {1..33}; do echo -n " -acpitable /tmp/blob"; done`

Fixes: (a1666142db acpi-build: make ROMs RAM blocks resizeable)
Reported-by: Wei Yang <[email protected]>
Signed-off-by: Igor Mammedov <[email protected]>
Message-Id: <1554982098[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
hw/core/loader.c

index fe5cb24122559dfdb7b5648fb5e2fc90b3cbc56a..a097bbe30a7403846e2289a40f0fb31783b8fbc0 100644 (file)
@@ -1025,6 +1025,7 @@ MemoryRegion *rom_add_blob(const char *name, const void *blob, size_t len,
     rom->addr     = addr;
     rom->romsize  = max_len ? max_len : len;
     rom->datasize = len;
+    g_assert(rom->romsize >= rom->datasize);
     rom->data     = g_malloc0(rom->datasize);
     memcpy(rom->data, blob, len);
     rom_insert(rom);
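Review bot: the new g_assert(rom->romsize >= rom->datasize) in rom_add_blob() is reachable from the command line (the commit message reproduces it with 33 -acpitable options), so an oversized user-supplied blob ends in an abort that does not say which ROM or which sizes were involved. Consider comparing max_len with len before the rom fields are filled in and reporting name, len and max_len in an error message. Failing that, a comment above the assert should note that it only has an effect when max_len is non-zero, since romsize equals datasize otherwise.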