d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

loader: misaligned access of dos_partition structure

Browse Source 
armv7 crash due to misligned access of dos_partition dp_start field.

Allocate and make copy of dos_partition array to make sure the data
is aligned.

Reported by:	marklmi at yahoo.com
This commit is contained in:
Toomas Soome 2020-03-19 17:27:08 +00:00
parent e4ee6c5444
commit 87d8d5ea3d
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
stand/common/part.c
View File

@ -654,6 +654,7 @@ ptable_open(void *dev, uint64_t sectors, uint16_t sectorsize,
int has_ext;
#endif
table = NULL;
dp = NULL;
buf = malloc(sectorsize);
if (buf == NULL)
return (NULL);
@ -708,7 +709,11 @@ ptable_open(void *dev, uint64_t sectors, uint16_t sectorsize,
goto out;
}
/* Check that we have PMBR. Also do some validation. */
dp = (struct dos_partition *)(buf + DOSPARTOFF);
dp = malloc(NDOSPART * sizeof(struct dos_partition));
if (dp == NULL)
goto out;
bcopy(buf + DOSPARTOFF, dp, NDOSPART * sizeof(struct dos_partition));
/*
* In mac we can have PMBR partition in hybrid MBR;
* that is, MBR partition which has DOSPTYP_PMBR entry defined as
@ -770,6 +775,7 @@ ptable_open(void *dev, uint64_t sectors, uint16_t sectorsize,
#endif /* LOADER_MBR_SUPPORT */
#endif /* LOADER_MBR_SUPPORT || LOADER_GPT_SUPPORT */
out:
free(dp);
free(buf);
return (table);
}