loader: cd9660_open() warn: is 'buf' large enough for 'struct iso_primary_descriptor'?
We do allocate amount of memory (void * or char *), and then assign this buffer to struct iso_primary_descriptor *vd. Make sure we do allocate enough bytes. In fact we do allocate enough, but it is good idea to make sure this really is so. MFC after: 1 week
This commit is contained in:
parent
1ae74c1359
commit
8ac66965f5
@ -286,7 +286,7 @@ cd9660_open(const char *path, struct open_file *f)
|
||||
struct file *fp = NULL;
|
||||
void *buf;
|
||||
struct iso_primary_descriptor *vd;
|
||||
size_t buf_size, read, dsize, off;
|
||||
size_t read, dsize, off;
|
||||
daddr_t bno, boff;
|
||||
struct iso_directory_record rec;
|
||||
struct iso_directory_record *dp = NULL;
|
||||
@ -294,7 +294,8 @@ cd9660_open(const char *path, struct open_file *f)
|
||||
bool isdir = false;
|
||||
|
||||
/* First find the volume descriptor */
|
||||
buf = malloc(buf_size = ISO_DEFAULT_BLOCK_SIZE);
|
||||
buf = malloc(MAX(ISO_DEFAULT_BLOCK_SIZE,
|
||||
sizeof(struct iso_primary_descriptor)));
|
||||
vd = buf;
|
||||
for (bno = 16;; bno++) {
|
||||
twiddle(1);
|
||||
@ -438,7 +439,6 @@ cd9660_open(const char *path, struct open_file *f)
|
||||
return 0;
|
||||
|
||||
out:
|
||||
if (fp)
|
||||
free(fp);
|
||||
free(buf);
|
||||
|
||||
|
@ -35,6 +35,7 @@
|
||||
#include <sys/cdefs.h>
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <fs/cd9660/iso.h>
|
||||
#include <fs/cd9660/cd9660_rrip.h>
|
||||
|
||||
@ -220,7 +221,8 @@ dirmatch(const char *path, struct iso_directory_record *dp, int use_rrip,
|
||||
static uint64_t
|
||||
cd9660_lookup(const char *path)
|
||||
{
|
||||
static char blkbuf[ISO_DEFAULT_BLOCK_SIZE];
|
||||
static char blkbuf[MAX(ISO_DEFAULT_BLOCK_SIZE,
|
||||
sizeof(struct iso_primary_descriptor))];
|
||||
struct iso_primary_descriptor *vd;
|
||||
struct iso_directory_record rec;
|
||||
struct iso_directory_record *dp = NULL;
|
||||
|
Loading…
Reference in New Issue
Block a user