X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=device_tree.c;h=f8b46b3c7331ae42dcc3be5ee4c5ce3d370d47c6;hb=d65af288a84d8bf8c27e55d45545f52f016c08a7;hp=6d9c9726f66c93c9faf50399d10fc7fa7d44dad9;hpb=46d0885adff9b99622d72f23a8b04c298a8bf91d;p=mirror_qemu.git

diff --git a/device_tree.c b/device_tree.c
index 6d9c9726f6..f8b46b3c73 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -84,6 +84,10 @@ void *load_device_tree(const char *filename_path, int *sizep)
                      filename_path);
         goto fail;
     }
+    if (dt_size > INT_MAX / 2 - 10000) {
+        error_report("Device tree file '%s' is too large", filename_path);
+        goto fail;
+    }
 
     /* Expand to 2x size to give enough room for manipulation.  */
     dt_size += 10000;
@@ -91,7 +95,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
     /* First allocate space in qemu for device tree */
     fdt = g_malloc0(dt_size);
 
-    dt_file_load_size = load_image(filename_path, fdt);
+    dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
     if (dt_file_load_size < 0) {
         error_report("Unable to open device tree file '%s'",
                      filename_path);