Author: tsoome
Date: Thu Mar 19 17:27:08 2020
New Revision: 359147
URL: https://svnweb.freebsd.org/changeset/base/359147
Log:
loader: misaligned access of dos_partition structure
armv7 crash due to misligned access of dos_partition dp_start field.
Allocate and make copy of dos_partition array to make sure the data
is aligned.
Reported by: marklmi at yahoo.com
Modified:
head/stand/common/part.c
Modified: head/stand/common/part.c
==============================================================================
--- head/stand/common/part.c Thu Mar 19 17:20:50 2020 (r359146)
+++ head/stand/common/part.c Thu Mar 19 17:27:08 2020 (r359147)
@@ -654,6 +654,7 @@ ptable_open(void *dev, uint64_t sectors, uint16_t sect
int has_ext;
#endif
table = NULL;
+ dp = NULL;
buf = malloc(sectorsize);
if (buf == NULL)
return (NULL);
@@ -708,7 +709,11 @@ ptable_open(void *dev, uint64_t sectors, uint16_t sect
goto out;
}
/* Check that we have PMBR. Also do some validation. */
- dp = (struct dos_partition *)(buf + DOSPARTOFF);
+ dp = malloc(NDOSPART * sizeof(struct dos_partition));
+ if (dp == NULL)
+ goto out;
+ bcopy(buf + DOSPARTOFF, dp, NDOSPART * sizeof(struct dos_partition));
+
/*
* In mac we can have PMBR partition in hybrid MBR;
* that is, MBR partition which has DOSPTYP_PMBR entry defined as
@@ -770,6 +775,7 @@ ptable_open(void *dev, uint64_t sectors, uint16_t sect
#endif /* LOADER_MBR_SUPPORT */
#endif /* LOADER_MBR_SUPPORT || LOADER_GPT_SUPPORT */
out:
+ free(dp);
free(buf);
return (table);
}
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
