File CVE-2018-20815-qemuu-Dont-use-load_image.patch of Package xen.11319

Subject: device_tree.c: Don't use load_image()
From: Peter Maydell peter.maydell@linaro.org Fri Dec 14 13:30:52 2018 +0000
Date: Fri Dec 14 13:30:52 2018 +0000:
Git: da885fe1ee8b4589047484bd7fa05a4905b52b17

The load_image() function is deprecated, as it does not let the
caller specify how large the buffer to read the file into is.
Instead use load_image_size().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20181130151712.2312-9-peter.maydell@linaro.org

Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/device_tree.c
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/device_tree.c
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/device_tree.c
@@ -86,7 +86,7 @@ void *load_device_tree(const char *filen
     /* First allocate space in qemu for device tree */
     fdt = g_malloc0(dt_size);
 
-    dt_file_load_size = load_image(filename_path, fdt);
+    dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
     if (dt_file_load_size < 0) {
         printf("Unable to open device tree file '%s'\n",
                filename_path);