loader: cd9660_open() warn: is 'buf' large enough for 'struct iso_primary_descriptor'?

We do allocate amount of memory (void * or char *), and then assign this
buffer to struct iso_primary_descriptor *vd. Make sure we do
allocate enough bytes.

In fact we do allocate enough, but it is good idea to make sure this really
is so.

MFC after:	1 week
This commit is contained in:
Toomas Soome 2019-12-13 12:36:16 +00:00
parent 1ae74c1359
commit 8ac66965f5
2 changed files with 7 additions and 5 deletions

View File

@ -286,7 +286,7 @@ cd9660_open(const char *path, struct open_file *f)
struct file *fp = NULL;
void *buf;
struct iso_primary_descriptor *vd;
size_t buf_size, read, dsize, off;
size_t read, dsize, off;
daddr_t bno, boff;
struct iso_directory_record rec;
struct iso_directory_record *dp = NULL;
@ -294,7 +294,8 @@ cd9660_open(const char *path, struct open_file *f)
bool isdir = false;
/* First find the volume descriptor */
buf = malloc(buf_size = ISO_DEFAULT_BLOCK_SIZE);
buf = malloc(MAX(ISO_DEFAULT_BLOCK_SIZE,
sizeof(struct iso_primary_descriptor)));
vd = buf;
for (bno = 16;; bno++) {
twiddle(1);
@ -438,7 +439,6 @@ cd9660_open(const char *path, struct open_file *f)
return 0;
out:
if (fp)
free(fp);
free(buf);

View File

@ -35,6 +35,7 @@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <fs/cd9660/iso.h>
#include <fs/cd9660/cd9660_rrip.h>
@ -220,7 +221,8 @@ dirmatch(const char *path, struct iso_directory_record *dp, int use_rrip,
static uint64_t
cd9660_lookup(const char *path)
{
static char blkbuf[ISO_DEFAULT_BLOCK_SIZE];
static char blkbuf[MAX(ISO_DEFAULT_BLOCK_SIZE,
sizeof(struct iso_primary_descriptor))];
struct iso_primary_descriptor *vd;
struct iso_directory_record rec;
struct iso_directory_record *dp = NULL;