blob: a14b0d21715770d5a3b2ef6fb8fb66ae5de4bc77 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Bad check for return value of mmap()
In
./roms/skiboot/extract-gcov.c
there is this code:
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
assert(addr != NULL);
This check is wrong, mmap never returns NULL, on errors it returns MAP_FAILED (or -1). (Also sidenote: asserts usually shouldn't be used for error checking.)
In
roms/skiboot/libstb/print-container.c
there's a similar issue:
payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
PROT_READ, MAP_PRIVATE, fdin, SECURE_BOOT_HEADERS_SIZE);
if (!payload)
This if should be (payload == MAP_FAILED).
Another one is in
./roms/skiboot/libstb/create-container.c
And in
./roms/u-boot/tools/aisimage.c
there's an mmap call that does not check the return value at all.
|