From 8ac66965f5a03f138f352f084fa5942a040ea7ea Mon Sep 17 00:00:00 2001
From: Toomas Soome
Date: Fri, 13 Dec 2019 12:36:16 +0000
Subject: [PATCH] loader: cd9660_open() warn: is 'buf' large enough for 'struct iso_primary_descriptor'?
We do allocate amount of memory (void * or char *), and then assign this buffer to struct iso_primary_descriptor *vd. Make sure we do allocate enough bytes. In fact we do allocate enough, but it is good idea to make sure this really is so.
MFC after: 1 week
---
 stand/libsa/cd9660.c | 8 ++++----
 stand/libsa/cd9660read.c | 4 +++-
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/stand/libsa/cd9660.c b/stand/libsa/cd9660.c
index aa87466dc591..c339678d96fe 100644
--- a/stand/libsa/cd9660.c
+++ b/stand/libsa/cd9660.c
@@ -286,7 +286,7 @@ cd9660_open(const char *path, struct open_file *f)
 struct file *fp = NULL;
 void *buf;
 struct iso_primary_descriptor *vd;
- size_t buf_size, read, dsize, off;
+ size_t read, dsize, off;
 daddr_t bno, boff;
 struct iso_directory_record rec;
 struct iso_directory_record *dp = NULL;
@@ -294,7 +294,8 @@ cd9660_open(const char *path, struct open_file *f)
 bool isdir = false;
 /* First find the volume descriptor */
- buf = malloc(buf_size = ISO_DEFAULT_BLOCK_SIZE);
+ buf = malloc(MAX(ISO_DEFAULT_BLOCK_SIZE,
+ sizeof(struct iso_primary_descriptor)));
 vd = buf;
 for (bno = 16;; bno++) {
 twiddle(1);
@@ -438,8 +439,7 @@ cd9660_open(const char *path, struct open_file *f)
 return 0;
 out:
- if (fp)
- free(fp);
+ free(fp);
 free(buf);
 return rc;
diff --git a/stand/libsa/cd9660read.c b/stand/libsa/cd9660read.c
index 7ad2e9c6d559..3f4e667f6942 100644
--- a/stand/libsa/cd9660read.c
+++ b/stand/libsa/cd9660read.c
@@ -35,6 +35,7 @@
 #include
 __FBSDID("$FreeBSD$");
+#include
 #include
 #include
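Review bot: In the cd9660_open hunk at `@@ -294,7 +294,8 @@` of stand/libsa/cd9660.c, the result of `malloc(MAX(...))` is assigned to `vd` and the descriptor search loop starts with no NULL check in the visible lines, so an allocation failure would reach the first read into `buf` and the first dereference of `vd`. Consider adding `if (buf == NULL) { rc = ENOMEM; goto out; }` directly after the allocation; the `out:` path shown in the later hunk calls `free(fp)` and `free(buf)`, both of which are safe on NULL. The loop body continues outside the hunk, so confirm that no check already exists further down before adding one.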
@@ -220,7 +221,8 @@ dirmatch(const char *path, struct iso_directory_record *dp, int use_rrip,
 static uint64_t
 cd9660_lookup(const char *path)
 {
- static char blkbuf[ISO_DEFAULT_BLOCK_SIZE];
+ static char blkbuf[MAX(ISO_DEFAULT_BLOCK_SIZE,
+ sizeof(struct iso_primary_descriptor))];
 struct iso_primary_descriptor *vd;
 struct iso_directory_record rec;
 struct iso_directory_record *dp = NULL;
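Review bot: Sizing `blkbuf` with `MAX(ISO_DEFAULT_BLOCK_SIZE, sizeof(struct iso_primary_descriptor))` makes the buffer large enough for the `vd` overlay, but it does not change how many bytes are read into it. The reads are outside this hunk and presumably still transfer `ISO_DEFAULT_BLOCK_SIZE` bytes, so if the structure ever grew past one block the tail of `*vd` would hold stale static data rather than disk contents. Since the commit message says the sizes already match, a compile-time check states the invariant directly and fails the build instead of silently padding: `_Static_assert(sizeof(struct iso_primary_descriptor) <= ISO_DEFAULT_BLOCK_SIZE, "volume descriptor must fit in one block");`. The same applies to the `malloc` in cd9660_open in stand/libsa/cd9660.c. cd9660_lookup's body continues outside the hunk.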