From 86c03b97cb94e45ed2a6fd3a0855c7523824f24c Mon Sep 17 00:00:00 2001
From: "kaf24@firebug.cl.cam.ac.uk"
Date: Wed, 17 May 2006 23:19:18 +0100
Subject: [PATCH] This patch fixes the Linux builder so that it dies gracefully when trying to load malformed ELF images.
Signed-off-by: Aravindh Puthiyaparambil
---
 tools/libxc/xc_linux_build.c | 4 +++-
 tools/libxc/xc_load_elf.c | 11 +++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/tools/libxc/xc_linux_build.c b/tools/libxc/xc_linux_build.c
index 4c0d655855..111cd08388 100644
--- a/tools/libxc/xc_linux_build.c
+++ b/tools/libxc/xc_linux_build.c
@@ -794,9 +794,11 @@ static int setup_guest(int xc_handle,
 goto error_out;
 }
- (load_funcs.loadimage)(image, image_size,
+ rc = (load_funcs.loadimage)(image, image_size,
 xc_handle, dom, page_array, &dsi);
+ if ( rc != 0 )
+ goto error_out;
 if ( load_initrd(xc_handle, dom, initrd, vinitrd_start - dsi.v_start, page_array) )
diff --git a/tools/libxc/xc_load_elf.c b/tools/libxc/xc_load_elf.c
index 610f0a53df..c09f819467 100644
--- a/tools/libxc/xc_load_elf.c
+++ b/tools/libxc/xc_load_elf.c
@@ -151,6 +151,13 @@ static int parseelfimage(const char *image,
 virt_base = 0;
 if ( (p = strstr(guestinfo, "VIRT_BASE=")) != NULL )
 virt_base = strtoul(p+10, &p, 0);
+
+ if ( virt_base == 0 )
+ {
+ ERROR("Malformed ELF image. VIRT_BASE in '__xen_guest' section set incorrectly");
+ return -EINVAL;
+ }
+
 dsi->elf_paddr_offset = virt_base;
 if ( (p = strstr(guestinfo, "ELF_PADDR_OFFSET=")) != NULL )
 dsi->elf_paddr_offset = strtoul(p+17, &p, 0);
@@ -219,6 +226,8 @@ loadelfimage(
 pa = (phdr->p_paddr + done) - dsi->elf_paddr_offset;
 va = xc_map_foreign_range(
 xch, dom, PAGE_SIZE, PROT_WRITE, parray[pa>>PAGE_SHIFT]);
+ if ( va == NULL )
+ return -1;
 chunksz = phdr->p_filesz - done;
 if ( chunksz > (PAGE_SIZE - (pa & (PAGE_SIZE-1))) )
 chunksz = PAGE_SIZE - (pa & (PAGE_SIZE-1));
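Review bot: The new `if ( rc != 0 ) goto error_out;` in setup_guest (xc_linux_build.c) makes the return value of every `load_funcs.loadimage` implementation significant, where it was previously discarded, and this patch only touches the ELF loader. It is worth confirming that any other loader reachable through `load_funcs` returns 0 on success and non-zero on failure. I would also state that contract where the `loadimage` member is declared, for example `/* Returns 0 on success, non-zero on failure. */`. The declaration and the rest of setup_guest are outside the hunk.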
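Review bot: In parseelfimage (xc_load_elf.c) the added `virt_base == 0` test treats a missing `VIRT_BASE=` key, an unparsable value and an explicit zero identically, and it does not catch an out-of-range value, for which `strtoul` returns `ULONG_MAX` and sets `errno` to `ERANGE`. The `ELF_PADDR_OFFSET=` value parsed in the context lines just below overwrites `dsi->elf_paddr_offset` with no check at all, so a malformed image can still supply the offset that the loader later subtracts from `p_paddr`. I would set `errno = 0;` before each `strtoul` call and add `if ( errno == ERANGE ) return -EINVAL;` after it, and word the message so that a missing key is distinguishable from a bad value. The function body starts and ends outside the hunk.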
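Review bot: In loadelfimage, `parray[pa>>PAGE_SHIFT]` is still indexed with a `pa` computed from `phdr->p_paddr` and `dsi->elf_paddr_offset`, both of which come from the image, and neither this hunk (-219) nor the matching one at -232 bounds the index before the lookup. The added `va == NULL` test only catches the mapping failing afterwards. If nothing outside the hunks validates the segment range (not visible here), a malformed image can make the loader read past the end of the page array. The check needs the number of entries in `parray`, which may have to be passed in. The early `return -1;` is also silent, and an `ERROR(...)` call like the one added in parseelfimage would tell the user which step failed. The function continues outside both hunks.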
@@ -232,6 +241,8 @@ loadelfimage(
 pa = (phdr->p_paddr + done) - dsi->elf_paddr_offset;
 va = xc_map_foreign_range(
 xch, dom, PAGE_SIZE, PROT_WRITE, parray[pa>>PAGE_SHIFT]);
+ if ( va == NULL )
+ return -1;
 chunksz = phdr->p_memsz - done;
 if ( chunksz > (PAGE_SIZE - (pa & (PAGE_SIZE-1))) )
 chunksz = PAGE_SIZE - (pa & (PAGE_SIZE-1));
-- 
2.30.2