Created attachment 164966 [details] malloc + read in a loop -> mmap The current code for reading in the bootcode from a file has a few problems. https://svnweb.freebsd.org/base/head/usr.sbin/bsdinstall/partedit/gpart_ops.c?revision=285679&view=markup#l408 408: if lseek(2) fails, bootsize underflows to SIZE_T_MAX, making the resulting allocation dangerous 409: if malloc(3) fails, we end up with a null pointer deref later 413: if read(2) fails, the installer will hang trying to read(2) boot loader code I've replaced this with a call to mmap(2), which will give us what we want, and also contains more error-handling if something goes wrong. Tested on FreeBSD 10.2-STABLE on amd64.
https://reviews.freebsd.org/D14573