From patchwork Mon Mar 19 21:30:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Wolfram Sang X-Patchwork-Id: 10295249 X-Patchwork-Delegate: geert@linux-m68k.org
From: Wolfram Sang To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , linux-renesas-soc@vger.kernel.org, Wolfram Sang Subject: [PATCH v2 1/3] nvram: at24c: prevent segfault by checking "rom-size" Date: Mon, 19 Mar 2018 22:30:59 +0100 Message-Id: <20180319213101.6100-2-wsa+renesas@sang-engineering.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180319213101.6100-1-wsa+renesas@sang-engineering.com> References: <20180319213101.6100-1-wsa+renesas@sang-engineering.com> Sender: linux-renesas-soc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-renesas-soc@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The value for "rom-size" is used as a divisor, so it must not be 0 or it will segfault. A size of 0 wouldn't make sense anyhow. Signed-off-by: Wolfram Sang Reviewed-by: Philippe Mathieu-Daudé --- hw/nvram/eeprom_at24c.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/nvram/eeprom_at24c.c b/hw/nvram/eeprom_at24c.c index 22183f5360..ccf78b25e4 100644 --- a/hw/nvram/eeprom_at24c.c +++ b/hw/nvram/eeprom_at24c.c @@ -121,6 +121,11 @@ int at24c_eeprom_init(I2CSlave *i2c) { EEPROMState *ee = AT24C_EE(i2c); + if (!ee->rsize) { + ERR("rom-size not allowed to be 0\n"); + exit(1); + } + ee->mem = g_malloc0(ee->rsize); if (ee->blk) {
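Review bot: The new !ee->rsize check in at24c_eeprom_init() fails by calling exit(1), although the function is declared to return int. Returning a non-zero error after the ERR() message would let the caller decide how to fail, instead of terminating the whole process from inside a device init routine. The placement before g_malloc0(ee->rsize) is right, since a zero size then never reaches the allocation or the later division the commit message mentions. A one-line comment above the check stating that rsize is later used as a divisor would record why 0 is rejected.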