Bad check for return value of mmap()

Bug #1879998 reported by Hanno Böck
Affects: QEMU | Status: Won't Fix | Importance: Undecided | Assigned to: Unassigned

Bug Description

In
./roms/skiboot/extract-gcov.c
there is this code:

        addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
        assert(addr != NULL);

This check is wrong: mmap never returns NULL; on errors it returns MAP_FAILED (or -1). (Also, side note: asserts usually shouldn't be used for error checking.)

In
roms/skiboot/libstb/print-container.c
there's a similar issue:

        payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
                        PROT_READ, MAP_PRIVATE, fdin, SECURE_BOOT_HEADERS_SIZE);
        if (!payload)

This if should be (payload == MAP_FAILED).

Another one is in
./roms/skiboot/libstb/create-container.c

And in
./roms/u-boot/tools/aisimage.c
there's an mmap call that does not check the return value at all.
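
Added example, not part of the original report and not skiboot or U-Boot code: a read-only mapping helper that compares against MAP_FAILED and reports the failure to its caller instead of asserting. The names `map_file_ro` and `demo` and the temp-file path are hypothetical; the empty file is constructed input, chosen because a zero-length mmap fails with EINVAL, which a NULL test would let through.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: map a whole file read-only; 0 on success, -1 with errno set. */
static int map_file_ro(const char *path, void **addr, size_t *len)
{
    struct stat sb;
    void *p = MAP_FAILED;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &sb) == 0)
        p = mmap(NULL, (size_t)sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
    int saved = errno;
    close(fd);                /* a mapping outlives its descriptor */
    errno = saved;            /* keep the fstat/mmap error for the caller */
    if (p == MAP_FAILED)      /* (void *)-1, so a NULL test never fires */
        return -1;
    *addr = p;
    *len = (size_t)sb.st_size;
    return 0;
}

/* Constructed input: put n bytes in a temp file and map it.
 * Returns the first mapped byte, -1 if mapping failed, -2 on setup error. */
static int demo(const char *data, size_t n)
{
    char path[] = "/tmp/mmap-demo-XXXXXX";
    void *addr;
    size_t len;
    int fd = mkstemp(path), rc = -2;
    if (fd < 0)
        return rc;
    if (write(fd, data, n) == (ssize_t)n && (rc = map_file_ro(path, &addr, &len)) == 0) {
        rc = *(unsigned char *)addr;
        munmap(addr, len);
    }
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    return (demo("skiboot", 7) == 's' && demo("", 0) == -1) ? 0 : 1;
}
```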

Thomas Huth (th-huth) wrote :

skiboot is a separate project; we do not manage its code in the QEMU project, but just include the source code in our release tarballs since we ship the skiboot binary with QEMU. Please report these problems to the skiboot project instead:

 https://github.com/open-power/skiboot

Changed in qemu:
status: New → Won't Fix
Thomas Huth (th-huth) wrote :

And concerning the mmap in roms/u-boot/, please report that issue to the U-Boot project instead: https://www.denx.de/wiki/U-Boot/
