[Bug 1879998] [NEW] Bad check for return value of mmap()

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 1879998] [NEW] Bad check for return value of mmap()

From:	Hanno Böck
Subject:	[Bug 1879998] [NEW] Bad check for return value of mmap()
Date:	Thu, 21 May 2020 17:09:54 -0000

Public bug reported:

In
./roms/skiboot/extract-gcov.c
there is this code:

        addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
        assert(addr != NULL);

This check is wrong, mmap never returns NULL, on errors it returns
MAP_FAILED (or -1). (Also sidenote: asserts usually shouldn't be used
for error checking.)

In
roms/skiboot/libstb/print-container.c
there's a similar issue:

        payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
                        PROT_READ, MAP_PRIVATE, fdin, SECURE_BOOT_HEADERS_SIZE);
        if (!payload)

This if should be (payload == MAP_FAILED).

Another one is in
./roms/skiboot/libstb/create-container.c

And in
./roms/u-boot/tools/aisimage.c
there's an mmap call that does not check the return value at all.

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1879998

Title:
  Bad check for return value of mmap()

Status in QEMU:
  New

Bug description:
  In
  ./roms/skiboot/extract-gcov.c
  there is this code:

          addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
          assert(addr != NULL);

  This check is wrong, mmap never returns NULL, on errors it returns
  MAP_FAILED (or -1). (Also sidenote: asserts usually shouldn't be used
  for error checking.)

  In
  roms/skiboot/libstb/print-container.c
  there's a similar issue:

          payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
                          PROT_READ, MAP_PRIVATE, fdin, 
SECURE_BOOT_HEADERS_SIZE);
          if (!payload)

  This if should be (payload == MAP_FAILED).

  Another one is in
  ./roms/skiboot/libstb/create-container.c

  And in
  ./roms/u-boot/tools/aisimage.c
  there's an mmap call that does not check the return value at all.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1879998/+subscriptions

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug 1879998] [NEW] Bad check for return value of mmap(), Hanno Böck <=
- [Bug 1879998] Re: Bad check for return value of mmap(), Thomas Huth, 2020/05/22
- [Bug 1879998] Re: Bad check for return value of mmap(), Thomas Huth, 2020/05/22

Prev by Date: Re: [PATCH v2 1/2] hw/m68k/mcf5206: Reduce m5206_mbar_read/write() offset arg to 16-bit
Next by Date: [PATCH] audio: fix wavcapture segfault
Previous by thread: Re: [RFC][PATCH v2 2/3] docs/specs: Add specification of ivshmem device revision 2
Next by thread: [Bug 1879998] Re: Bad check for return value of mmap()
Index(es):
- Date
- Thread