Bug 205806

Summary: [patch] bsdinstall(8): partedit can hang/crash on read/lseek/malloc failures
Product: Base System
Reporter: will
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: New ---
Severity: Affects Some People
CC: amd64, lwhsu
Priority: ---
Keywords: install, patch
Version: 10.2-STABLE
Hardware: amd64
OS: Any
URL: https://reviews.freebsd.org/D14573
Attachments:
Description: malloc + read in a loop -> mmap
Flags: none

Description will 2016-01-02 19:53:55 UTC
Created attachment 164966
malloc + read in a loop -> mmap

The current code for reading in the bootcode from a file has a few problems.

https://svnweb.freebsd.org/base/head/usr.sbin/bsdinstall/partedit/gpart_ops.c?revision=285679&view=markup#l408

408: if lseek(2) fails, bootsize underflows to SIZE_T_MAX, making the resulting allocation dangerous
409: if malloc(3) fails, we end up with a null pointer deref later
413: if read(2) fails, the installer will hang trying to read(2) boot loader code

I've replaced this with a call to mmap(2), which will give us what we want, and also contains more error-handling if something goes wrong.

Tested on FreeBSD 10.2-STABLE on amd64.
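The failure modes listed above and the mmap(2) replacement, as an added example in C that is not part of this report or of the bsdinstall source; the function names and the constructed bootcode bytes are assumptions made for illustration:

```c
/* Added example, not the bsdinstall source; function names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Line 408's hazard: lseek(2) fails with (off_t)-1, which as a size_t is
 * SIZE_MAX, so the following malloc(bootsize) asks for an absurd size. */
int lseek_failure_underflows(void)
{
	off_t failed = -1; /* lseek(2)'s error return */
	return (size_t)failed == SIZE_MAX;
}

/* Map the whole file read-only. Returns 0 and sets *out/*len on success; any
 * open/fstat/mmap failure returns -1 and leaves *out untouched, so the caller
 * never sees a NULL buffer, a SIZE_MAX length or a read(2) that never returns. */
int map_bootcode(const char *path, void **out, size_t *len)
{
	struct stat sb;
	void *p = MAP_FAILED;
	int fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;
	if (fstat(fd, &sb) == 0 && sb.st_size > 0)
		p = mmap(NULL, (size_t)sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
	close(fd); /* the mapping outlives the descriptor */
	if (p == MAP_FAILED)
		return -1;
	*out = p;
	*len = (size_t)sb.st_size;
	return 0;
}

/* Self-test: write constructed boot-sector-like bytes to a temp file, map
 * them back and compare. Returns 1 if the round trip matches, else 0. */
int roundtrip_selftest(void)
{
	static const unsigned char code[] = { 0xeb, 0x3c, 0x90, 'F', 'B', 'S', 'D' };
	char tmpl[] = "/tmp/bootcode.XXXXXX";
	void *buf; size_t n;
	int fd = mkstemp(tmpl);
	if (fd < 0 || write(fd, code, sizeof code) != (ssize_t)sizeof code)
		return 0;
	close(fd);
	int rc = map_bootcode(tmpl, &buf, &n);
	int ok = rc == 0 && n == sizeof code && memcmp(buf, code, n) == 0;
	if (rc == 0) munmap(buf, n);
	unlink(tmpl);
	return ok;
}
```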
Comment 1 will 2018-03-03 08:36:56 UTC
https://reviews.freebsd.org/D14573