* [Bug 1879998] [NEW] Bad check for return value of mmap()
@ 2020-05-21 17:09 Hanno Böck
2020-05-22 4:56 ` [Bug 1879998] " Thomas Huth
2020-05-22 4:59 ` Thomas Huth
0 siblings, 2 replies; 3+ messages in thread
From: Hanno Böck @ 2020-05-21 17:09 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
In
./roms/skiboot/extract-gcov.c
there is this code:
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
assert(addr != NULL);
This check is wrong, mmap never returns NULL, on errors it returns
MAP_FAILED (or -1). (Also sidenote: asserts usually shouldn't be used
for error checking.)
In
roms/skiboot/libstb/print-container.c
there's a similar issue:
payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
PROT_READ, MAP_PRIVATE, fdin, SECURE_BOOT_HEADERS_SIZE);
if (!payload)
This if should be (payload == MAP_FAILED).
Another one is in
./roms/skiboot/libstb/create-container.c
And in
./roms/u-boot/tools/aisimage.c
there's an mmap call that does not check the return value at all.
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1879998
Title:
Bad check for return value of mmap()
Status in QEMU:
New
Bug description:
In
./roms/skiboot/extract-gcov.c
there is this code:
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
assert(addr != NULL);
This check is wrong, mmap never returns NULL, on errors it returns
MAP_FAILED (or -1). (Also sidenote: asserts usually shouldn't be used
for error checking.)
In
roms/skiboot/libstb/print-container.c
there's a similar issue:
payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
PROT_READ, MAP_PRIVATE, fdin, SECURE_BOOT_HEADERS_SIZE);
if (!payload)
This if should be (payload == MAP_FAILED).
Another one is in
./roms/skiboot/libstb/create-container.c
And in
./roms/u-boot/tools/aisimage.c
there's an mmap call that does not check the return value at all.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1879998/+subscriptions
^ permalink raw reply [flat|nested] 3+ messages in thread* [Bug 1879998] Re: Bad check for return value of mmap()
2020-05-21 17:09 [Bug 1879998] [NEW] Bad check for return value of mmap() Hanno Böck
@ 2020-05-22 4:56 ` Thomas Huth
2020-05-22 4:59 ` Thomas Huth
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Huth @ 2020-05-22 4:56 UTC (permalink / raw)
To: qemu-devel
skiboot is a separate project, we do not manage its code in the QEMU
project, but just include the source code in our release tarballs since
we ship the skiboot binary with QEMU. Please report these problems to
the skiboot project instead:
https://github.com/open-power/skiboot
** Changed in: qemu
Status: New => Won't Fix
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1879998
Title:
Bad check for return value of mmap()
Status in QEMU:
Won't Fix
Bug description:
In
./roms/skiboot/extract-gcov.c
there is this code:
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
assert(addr != NULL);
This check is wrong, mmap never returns NULL, on errors it returns
MAP_FAILED (or -1). (Also sidenote: asserts usually shouldn't be used
for error checking.)
In
roms/skiboot/libstb/print-container.c
there's a similar issue:
payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
PROT_READ, MAP_PRIVATE, fdin, SECURE_BOOT_HEADERS_SIZE);
if (!payload)
This if should be (payload == MAP_FAILED).
Another one is in
./roms/skiboot/libstb/create-container.c
And in
./roms/u-boot/tools/aisimage.c
there's an mmap call that does not check the return value at all.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1879998/+subscriptions
^ permalink raw reply [flat|nested] 3+ messages in thread* [Bug 1879998] Re: Bad check for return value of mmap()
2020-05-21 17:09 [Bug 1879998] [NEW] Bad check for return value of mmap() Hanno Böck
2020-05-22 4:56 ` [Bug 1879998] " Thomas Huth
@ 2020-05-22 4:59 ` Thomas Huth
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Huth @ 2020-05-22 4:59 UTC (permalink / raw)
To: qemu-devel
And concerning the mmap in roms/u-boot/, please report that issue to the
U-Boot project instead: https://www.denx.de/wiki/U-Boot/
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1879998
Title:
Bad check for return value of mmap()
Status in QEMU:
Won't Fix
Bug description:
In
./roms/skiboot/extract-gcov.c
there is this code:
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
assert(addr != NULL);
This check is wrong, mmap never returns NULL, on errors it returns
MAP_FAILED (or -1). (Also sidenote: asserts usually shouldn't be used
for error checking.)
In
roms/skiboot/libstb/print-container.c
there's a similar issue:
payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
PROT_READ, MAP_PRIVATE, fdin, SECURE_BOOT_HEADERS_SIZE);
if (!payload)
This if should be (payload == MAP_FAILED).
Another one is in
./roms/skiboot/libstb/create-container.c
And in
./roms/u-boot/tools/aisimage.c
there's an mmap call that does not check the return value at all.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1879998/+subscriptions
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-05-22 5:06 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-21 17:09 [Bug 1879998] [NEW] Bad check for return value of mmap() Hanno Böck
2020-05-22 4:56 ` [Bug 1879998] " Thomas Huth
2020-05-22 4:59 ` Thomas Huth
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).