svn commit: r355713 - head/stand/libsa

Fri, 13 Dec 2019 04:36:44 -0800 

Author: tsoome
Date: Fri Dec 13 12:36:16 2019
New Revision: 355713
URL: https://svnweb.freebsd.org/changeset/base/355713

Log:
  loader: cd9660_open() warn: is 'buf' large enough for 'struct 
iso_primary_descriptor'?
  
  We do allocate amount of memory (void * or char *), and then assign this
  buffer to struct iso_primary_descriptor *vd. Make sure we do
  allocate enough bytes.
  
  In fact we do allocate enough, but it is good idea to make sure this really
  is so.
  
  MFC after:    1 week

Modified:
  head/stand/libsa/cd9660.c
  head/stand/libsa/cd9660read.c

Modified: head/stand/libsa/cd9660.c
==============================================================================
--- head/stand/libsa/cd9660.c   Fri Dec 13 11:47:58 2019        (r355712)
+++ head/stand/libsa/cd9660.c   Fri Dec 13 12:36:16 2019        (r355713)
@@ -286,7 +286,7 @@ cd9660_open(const char *path, struct open_file *f)
        struct file *fp = NULL;
        void *buf;
        struct iso_primary_descriptor *vd;
-       size_t buf_size, read, dsize, off;
+       size_t read, dsize, off;
        daddr_t bno, boff;
        struct iso_directory_record rec;
        struct iso_directory_record *dp = NULL;
@@ -294,7 +294,8 @@ cd9660_open(const char *path, struct open_file *f)
        bool isdir = false;
 
        /* First find the volume descriptor */
-       buf = malloc(buf_size = ISO_DEFAULT_BLOCK_SIZE);
+       buf = malloc(MAX(ISO_DEFAULT_BLOCK_SIZE,
+           sizeof(struct iso_primary_descriptor)));
        vd = buf;
        for (bno = 16;; bno++) {
                twiddle(1);
@@ -438,8 +439,7 @@ cd9660_open(const char *path, struct open_file *f)
        return 0;
 
 out:
-       if (fp)
-               free(fp);
+       free(fp);
        free(buf);
 
        return rc;

Modified: head/stand/libsa/cd9660read.c
==============================================================================
--- head/stand/libsa/cd9660read.c       Fri Dec 13 11:47:58 2019        
(r355712)
+++ head/stand/libsa/cd9660read.c       Fri Dec 13 12:36:16 2019        
(r355713)
@@ -35,6 +35,7 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/param.h>
 #include <fs/cd9660/iso.h>
 #include <fs/cd9660/cd9660_rrip.h>
 
@@ -220,7 +221,8 @@ dirmatch(const char *path, struct iso_directory_record
 static uint64_t
 cd9660_lookup(const char *path)
 {
-       static char blkbuf[ISO_DEFAULT_BLOCK_SIZE];
+       static char blkbuf[MAX(ISO_DEFAULT_BLOCK_SIZE,
+           sizeof(struct iso_primary_descriptor))];
        struct iso_primary_descriptor *vd;
        struct iso_directory_record rec;
        struct iso_directory_record *dp = NULL;
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to