Bug 205806 - [patch] bsdinstall(8): partedit can hang/crash on read/lseek/malloc failures
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 10.2-STABLE
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
URL: https://reviews.freebsd.org/D14573
Keywords: patch
Reported: 2016-01-02 19:53 UTC by will
Modified: 2019-09-17 20:39 UTC

malloc + read in a loop -> mmap (1.30 KB, patch)
2016-01-02 19:53 UTC, will

Description will 2016-01-02 19:53:55 UTC
Created attachment 164966
malloc + read in a loop -> mmap

The current code for reading in the bootcode from a file has a few problems.


408: if lseek(2) fails, bootsize underflows to SIZE_T_MAX, making the resulting allocation dangerous
409: if malloc(3) fails, we end up with a null pointer deref later
413: if read(2) fails, the installer will hang trying to read(2) boot loader code

I've replaced this with a call to mmap(2), which will give us what we want, and also contains more error-handling if something goes wrong.

Tested on FreeBSD 10.2-STABLE on amd64.
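
Added example (not the attached patch and not bsdinstall's own code): loading a file with mmap(2) so that an lseek(2) or mapping failure is caught before the size or the pointer is used. The name map_bootcode and the sample file contents are assumptions made for illustration.

```c
#include <sys/mman.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Hypothetical helper: map a boot code file read-only.
 * Returns the mapping and stores its length in *sizep; NULL on any error.
 */
static void *
map_bootcode(const char *path, size_t *sizep)
{
	void *p = NULL;
	off_t end;
	int fd;

	if ((fd = open(path, O_RDONLY)) == -1)
		return (NULL);
	/* Test the signed off_t: -1 stored in a size_t would be SIZE_MAX. */
	end = lseek(fd, 0, SEEK_END);
	if (end > 0) {
		p = mmap(NULL, (size_t)end, PROT_READ, MAP_PRIVATE, fd, 0);
		if (p == MAP_FAILED)	/* failure is MAP_FAILED, not NULL */
			p = NULL;
		else
			*sizep = (size_t)end;
	}
	close(fd);	/* the mapping remains valid after close(2) */
	return (p);
}

int
main(void)
{
	char path[] = "/tmp/bootcode.XXXXXX";	/* constructed sample file */
	size_t sz = 0;
	void *p;
	int fd;
	if ((fd = mkstemp(path)) == -1 || write(fd, "SAMPLE-BOOT", 11) != 11)
		return (1);
	close(fd);
	p = map_bootcode(path, &sz);
	printf("mapped %zu bytes: %s\n", sz, p != NULL ? "ok" : "failed");
	if (p != NULL)
		munmap(p, sz);
	unlink(path);
	return (p == NULL);
}
```

An empty file is rejected along with the error cases, because mmap(2) does not accept a zero length.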
Comment 1 will 2018-03-03 08:36:56 UTC