1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
other: 0.782
semantic: 0.709
performance: 0.698
device: 0.652
graphic: 0.641
vnc: 0.511
PID: 0.506
files: 0.503
network: 0.484
socket: 0.466
boot: 0.391
debug: 0.375
permissions: 0.249
KVM: 0.164
Bad check for return value of mmap()
In
./roms/skiboot/extract-gcov.c
there is this code:
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
assert(addr != NULL);
This check is wrong, mmap never returns NULL, on errors it returns MAP_FAILED (or -1). (Also sidenote: asserts usually shouldn't be used for error checking.)
In
roms/skiboot/libstb/print-container.c
there's a similar issue:
payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
PROT_READ, MAP_PRIVATE, fdin, SECURE_BOOT_HEADERS_SIZE);
if (!payload)
This if should be (payload == MAP_FAILED).
Another one is in
./roms/skiboot/libstb/create-container.c
And in
./roms/u-boot/tools/aisimage.c
there's an mmap call that does not check the return value at all.
skiboot is a separate project, we do not manage its code in the QEMU project, but just include the source code in our release tarballs since we ship the skiboot binary with QEMU. Please report these problems to the skiboot project instead:
https://github.com/open-power/skiboot
And concerning the mmap in roms/u-boot/, please report that issue to the U-Boot project instead: https://www.denx.de/wiki/U-Boot/
|