Bug 205806 - [patch] bsdinstall(8): partedit can hang/crash on read/lseek/malloc failures
Summary: [patch] bsdinstall(8): partedit can hang/crash on read/lseek/malloc failures
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 10.2-STABLE
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
URL: https://reviews.freebsd.org/D14573
Keywords: install, patch
Depends on:
Blocks:
 
Reported: 2016-01-02 19:53 UTC by will
Modified: 2022-10-13 17:48 UTC (History)
2 users (show)

See Also:

Attachments
malloc + read in a loop -> mmap (1.30 KB, patch)
2016-01-02 19:53 UTC, will 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description will 2016-01-02 19:53:55 UTC 
Created attachment 164966 [details]
malloc + read in a loop -> mmap

The current code for reading in the bootcode from a file has a few problems.

https://svnweb.freebsd.org/base/head/usr.sbin/bsdinstall/partedit/gpart_ops.c?revision=285679&view=markup#l408

408: if lseek(2) fails, bootsize underflows to SIZE_T_MAX, making the resulting allocation dangerous
409: if malloc(3) fails, we end up with a null pointer deref later
413: if read(2) fails, the installer will hang trying to read(2) boot loader code

I've replaced this with a call to mmap(2), which will give us what we want, and also contains more error-handling if something goes wrong.

Tested on FreeBSD 10.2-STABLE on amd64.
Comment 1 will 2018-03-03 08:36:56 UTC 
https://reviews.freebsd.org/D14573