File CVE-2018-20815-qemut-Dont-use-load_image.patch of Package xen.26348

Subject: device_tree.c: Don't use load_image()
From: Peter Maydell peter.maydell@linaro.org Fri Dec 14 13:30:52 2018 +0000
Date: Fri Dec 14 13:30:52 2018 +0000:
Git: da885fe1ee8b4589047484bd7fa05a4905b52b17

The load_image() function is deprecated, as it does not let the
caller specify how large the buffer to read the file into is.
Instead use load_image_size().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20181130151712.2312-9-peter.maydell@linaro.org

Index: xen-4.7.6-testing/tools/qemu-xen-traditional-dir-remote/device_tree.c
===================================================================
--- xen-4.7.6-testing.orig/tools/qemu-xen-traditional-dir-remote/device_tree.c
+++ xen-4.7.6-testing/tools/qemu-xen-traditional-dir-remote/device_tree.c
@@ -44,7 +44,7 @@ void *load_device_tree(const char *filen
     /* First allocate space in qemu for device tree */
     dt_file = qemu_mallocz(dt_file_size);
 
-    dt_file_load_size = load_image(filename_path, dt_file);
+    dt_file_load_size = load_image_size(filename_path, dt_file, dt_file_size);
 
     /* Second we place new copy of 2x size in guest memory
      * This give us enough room for manipulation.