[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1879998] Re: Bad check for return value of mmap()
|
From: |
Thomas Huth |
|
Subject: |
[Bug 1879998] Re: Bad check for return value of mmap() |
|
Date: |
Fri, 22 May 2020 04:56:55 -0000 |
skiboot is a separate project, we do not manage its code in the QEMU
project, but just include the source code in our release tarballs since
we ship the skiboot binary with QEMU. Please report these problems to
the skiboot project instead:
https://github.com/open-power/skiboot
** Changed in: qemu
Status: New => Won't Fix
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1879998
Title:
Bad check for return value of mmap()
Status in QEMU:
Won't Fix
Bug description:
In
./roms/skiboot/extract-gcov.c
there is this code:
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
assert(addr != NULL);
This check is wrong, mmap never returns NULL, on errors it returns
MAP_FAILED (or -1). (Also sidenote: asserts usually shouldn't be used
for error checking.)
In
roms/skiboot/libstb/print-container.c
there's a similar issue:
payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
PROT_READ, MAP_PRIVATE, fdin,
SECURE_BOOT_HEADERS_SIZE);
if (!payload)
This if should be (payload == MAP_FAILED).
Another one is in
./roms/skiboot/libstb/create-container.c
And in
./roms/u-boot/tools/aisimage.c
there's an mmap call that does not check the return value at all.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1879998/+subscriptions