loader: check get_image_size() return value

since a negative value means it errored. hw/core/loader.c:149:9: warning: Loss of sign in implicit conversion if (size > max_sz) { ^~~~ hw/core/loader.c:171:9: warning: Loss of sign in implicit conversion if (size > memory_region_size(mr)) { ^~~~ Reported-by: Clang Static Analyzer Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
author: Philippe Mathieu-Daudé <f4bug@amsat.org> 2017-07-26 23:42:07 -0300
committer: Michael Tokarev <mjt@tls.msk.ru> 2017-07-31 13:06:38 +0300
commit: 2a4e2e4919d1fcb915f1b33f9396aad5dc4616f5 (patch)
tree: fa28ec741dd84293348d44e4f6206df6b6bd1445
parent: b94b330e233368d906e8b66e827a761e67845c51 (diff)
download: qemu-2a4e2e4919d1fcb915f1b33f9396aad5dc4616f5.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/core/loader.c b/hw/core/loader.c
index e5e8cbb638..ebe574c7ea 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -146,7 +146,7 @@ int load_image_targphys_as(const char *filename,
     int size;
 
     size = get_image_size(filename);
-    if (size > max_sz) {
+    if (size < 0 || size > max_sz) {
         return -1;
     }
     if (size > 0) {
@@ -168,7 +168,7 @@ int load_image_mr(const char *filename, MemoryRegion *mr)
 
     size = get_image_size(filename);
 
-    if (size > memory_region_size(mr)) {
+    if (size < 0 || size > memory_region_size(mr)) {
         return -1;
     }
     if (size > 0) {
author	Philippe Mathieu-Daudé <f4bug@amsat.org>	2017-07-26 23:42:07 -0300
committer	Michael Tokarev <mjt@tls.msk.ru>	2017-07-31 13:06:38 +0300
commit	2a4e2e4919d1fcb915f1b33f9396aad5dc4616f5 (patch)
tree	fa28ec741dd84293348d44e4f6206df6b6bd1445
parent	b94b330e233368d906e8b66e827a761e67845c51 (diff)
download	qemu-2a4e2e4919d1fcb915f1b33f9396aad5dc4616f5.tar.gz