loader: cd9660_open() warn: is 'buf' large enough for 'struct iso_primary_descriptor'?

We allocate a block of memory (void * or char *) and then assign this
buffer to struct iso_primary_descriptor *vd. Make sure we
allocate enough bytes.

In fact we do allocate enough, but it is good idea to make sure this really
is so.

MFC after:	1 week
Toomas Soome 2019-12-13 12:36:16 +00:00
parent 1ae74c1359
commit 8ac66965f5
2 changed files with 7 additions and 5 deletions


@ -286,7 +286,7 @@ cd9660_open(const char *path, struct open_file *f)
struct file *fp = NULL; struct file *fp = NULL;
void *buf; void *buf;
struct iso_primary_descriptor *vd; struct iso_primary_descriptor *vd;
size_t buf_size, read, dsize, off; size_t read, dsize, off;
daddr_t bno, boff; daddr_t bno, boff;
struct iso_directory_record rec; struct iso_directory_record rec;
struct iso_directory_record *dp = NULL; struct iso_directory_record *dp = NULL;
@ -294,7 +294,8 @@ cd9660_open(const char *path, struct open_file *f)
bool isdir = false; bool isdir = false;
/* First find the volume descriptor */ /* First find the volume descriptor */
buf = malloc(buf_size = ISO_DEFAULT_BLOCK_SIZE); buf = malloc(MAX(ISO_DEFAULT_BLOCK_SIZE,
sizeof(struct iso_primary_descriptor)));
vd = buf; vd = buf;
for (bno = 16;; bno++) { for (bno = 16;; bno++) {
twiddle(1); twiddle(1);
@ -438,8 +439,7 @@ cd9660_open(const char *path, struct open_file *f)
return 0; return 0;
out: out:
if (fp) free(fp);
free(fp);
free(buf); free(buf);
return rc; return rc;
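Review bot: The result of `malloc()` in cd9660_open() is assigned to `vd` and the descriptor loop begins with no NULL check visible in this hunk, so an allocation failure in the loader would presumably reach the block read and the accesses through `vd` with a null buffer. If no check exists in the lines outside the hunk, add `if (buf == NULL) { rc = ENOMEM; goto out; }` right after the allocation; the `out:` path shown in the last hunk only frees `fp` and `buf`, and `fp` is initialised to NULL, so taking it that early is safe. The body of cd9660_open() extends beyond all three hunks, so the read call and the later uses of `buf` could not be checked here.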


@ -35,6 +35,7 @@
#include <sys/cdefs.h> #include <sys/cdefs.h>
__FBSDID("$FreeBSD$"); __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <fs/cd9660/iso.h> #include <fs/cd9660/iso.h>
#include <fs/cd9660/cd9660_rrip.h> #include <fs/cd9660/cd9660_rrip.h>
@ -220,7 +221,8 @@ dirmatch(const char *path, struct iso_directory_record *dp, int use_rrip,
static uint64_t static uint64_t
cd9660_lookup(const char *path) cd9660_lookup(const char *path)
{ {
static char blkbuf[ISO_DEFAULT_BLOCK_SIZE]; static char blkbuf[MAX(ISO_DEFAULT_BLOCK_SIZE,
sizeof(struct iso_primary_descriptor))];
struct iso_primary_descriptor *vd; struct iso_primary_descriptor *vd;
struct iso_directory_record rec; struct iso_directory_record rec;
struct iso_directory_record *dp = NULL; struct iso_directory_record *dp = NULL;
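Review bot: Sizing `blkbuf` with `MAX()` keeps accesses through `vd` inside the array, but it does not guarantee that bytes past ISO_DEFAULT_BLOCK_SIZE are ever filled from the media; the read that populates the buffer is outside this hunk, and if it still transfers a single block, a descriptor larger than a block would be parsed partly from stale buffer contents. Since the commit message says the struct already fits, stating the invariant at compile time would be stricter than silently growing the buffer: `_Static_assert(sizeof(struct iso_primary_descriptor) <= ISO_DEFAULT_BLOCK_SIZE, "volume descriptor must fit in one block");`. The same applies to the `malloc()` sizing in cd9660_open() in the other file. cd9660_lookup() continues past the end of the hunk.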