On Tue, Sep 11, 2018 at 03:36:49PM +0800, Michael Mikonos wrote:
> Hello,
>
> Sometimes vmd doesn't seem to check the result of malloc/calloc.
> I tried to preserve the existing behaviour w.r.t. return values
> for the functions modified; some functions returned 1 on error
> while others return -1. Does this look correct?
>
> - Michael
>
The first file, loadfile_elf.c, was taken from the bootloader. So
I'd say for the sake of diffability, make the corresponding change
there as well.
I'll have to look at the other files separately, no time at the moment.
-ml
>
> Index: loadfile_elf.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/vmd/loadfile_elf.c,v
> retrieving revision 1.30
> diff -u -p -u -r1.30 loadfile_elf.c
> --- loadfile_elf.c 17 Jul 2018 13:47:06 -0000 1.30
> +++ loadfile_elf.c 11 Sep 2018 07:29:10 -0000
> @@ -716,6 +716,8 @@ elf64_exec(FILE *fp, Elf64_Ehdr *elf, u_
>
> sz = elf->e_phnum * sizeof(Elf64_Phdr);
> phdr = malloc(sz);
> + if (phdr == NULL)
> + return 1;
>
> if (fseeko(fp, (off_t)elf->e_phoff, SEEK_SET) == -1) {
> free(phdr);
> @@ -813,6 +815,8 @@ elf64_exec(FILE *fp, Elf64_Ehdr *elf, u_
> }
> sz = elf->e_shnum * sizeof(Elf64_Shdr);
> shp = malloc(sz);
> + if (shp == NULL)
> + return 1;
>
> if (fread(shp, 1, sz, fp) != sz) {
> free(shp);
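Review bot: The new `return 1` after the `shp` malloc leaves elf64_exec without releasing anything allocated earlier in the function; the `phdr` buffer from the previous hunk is the obvious candidate if it is still live at this point, so confirm it has already been freed, otherwise this path needs `free(phdr)` first. With three heap buffers and several error exits in this function, a single `goto` cleanup label that frees whatever is non-NULL would be less error-prone than repeating `free(); return 1;` at each site. The enclosing elf64_exec starts and ends outside this hunk.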
> @@ -824,6 +828,8 @@ elf64_exec(FILE *fp, Elf64_Ehdr *elf, u_
>
> size_t shstrsz = shp[elf->e_shstrndx].sh_size;
> char *shstr = malloc(shstrsz);
> + if (shstr == NULL)
> + return 1;
> if (fseeko(fp, (off_t)shp[elf->e_shstrndx].sh_offset,
> SEEK_SET) == -1) {
> free(shstr);
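Review bot: The new `if (shstr == NULL) return 1;` leaks `shp`, which is still live here (it is indexed on the line just above, and the existing fseeko failure path below frees `shstr` and presumably `shp` as well); mirror those paths with `if (shstr == NULL) { free(shp); return 1; }`. Separately, `shstrsz` is taken straight from the ELF section header, so the check is welcome since a hostile image can make this malloc fail for any claimed size, but if `e_shstrndx` is not bounds-checked against `e_shnum` earlier in elf64_exec (not visible in this hunk), the `shp[elf->e_shstrndx]` read above is an out-of-bounds access that no NULL check catches. elf64_exec starts and ends outside this hunk.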
> @@ -938,6 +944,8 @@ elf32_exec(FILE *fp, Elf32_Ehdr *elf, u_
>
> sz = elf->e_phnum * sizeof(Elf32_Phdr);
> phdr = malloc(sz);
> + if (phdr == NULL)
> + return 1;
>
> if (fseeko(fp, (off_t)elf->e_phoff, SEEK_SET) == -1) {
> free(phdr);
> @@ -1035,6 +1043,8 @@ elf32_exec(FILE *fp, Elf32_Ehdr *elf, u_
> }
> sz = elf->e_shnum * sizeof(Elf32_Shdr);
> shp = malloc(sz);
> + if (shp == NULL)
> + return 1;
>
> if (fread(shp, 1, sz, fp) != sz) {
> free(shp);
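Review bot: The new `return 1` after the `shp` malloc exits elf32_exec without releasing anything allocated earlier; as in the 64-bit variant, the `phdr` buffer from the preceding hunk should be confirmed freed by this point, otherwise this path needs `free(phdr)` first. A shared cleanup label (`goto out` with `free(phdr); free(shp); free(shstr);`, all safe on NULL) would keep the 32- and 64-bit loaders' error handling identical and easier to diff against the bootloader copy. elf32_exec starts and ends outside this hunk.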
> @@ -1046,6 +1056,8 @@ elf32_exec(FILE *fp, Elf32_Ehdr *elf, u_
>
> size_t shstrsz = shp[elf->e_shstrndx].sh_size;
> char *shstr = malloc(shstrsz);
> + if (shstr == NULL)
> + return 1;
> if (fseeko(fp, (off_t)shp[elf->e_shstrndx].sh_offset,
> SEEK_SET) == -1) {
> free(shstr);
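Review bot: The new `if (shstr == NULL) return 1;` leaks `shp`, which is still live here (indexed on the line above and used by the fseeko failure path that follows); write it as `if (shstr == NULL) { free(shp); return 1; }` to match the other error exits. `shstrsz` comes directly from the image's section header, so the NULL check also turns an absurd `sh_size` into a clean failure, but if `e_shstrndx` is not validated against `e_shnum` earlier in elf32_exec (outside this hunk) the `shp[elf->e_shstrndx]` access is still an out-of-bounds read. elf32_exec starts and ends outside this hunk.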
> Index: vioqcow2.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/vmd/vioqcow2.c,v
> retrieving revision 1.2
> diff -u -p -u -r1.2 vioqcow2.c
> --- vioqcow2.c 11 Sep 2018 04:06:32 -0000 1.2
> +++ vioqcow2.c 11 Sep 2018 07:29:10 -0000
> @@ -202,6 +202,9 @@ qc2_open(struct qcdisk *disk, int fd)
> }
>
> disk->l1 = calloc(disk->l1sz, sizeof *disk->l1);
> + if (disk->l1 == NULL)
> + return -1;
> +
> if (pread(disk->fd, (char*)disk->l1, 8*disk->l1sz, disk->l1off)
> != 8*disk->l1sz) {
> free(disk->l1);
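Review bot: The new NULL check after `calloc(disk->l1sz, sizeof *disk->l1)` does more than guard OOM, and that deserves a comment: `disk->l1sz` is read from the qcow2 header, which is attacker-controlled for an untrusted image, and calloc's count*size overflow check now turns an absurd L1 size into a clean `-1` instead of an undersized buffer that the `8*disk->l1sz` pread would overrun. Suggested wording: `/* l1sz comes from the image header; calloc fails cleanly on overflow */`. The allocation and the read size are also expressed differently (`sizeof *disk->l1` vs `8*`); using `disk->l1sz * sizeof *disk->l1` in the pread keeps the two in step if the element type ever changes. qc2_open starts and ends outside this hunk.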
> @@ -237,6 +240,8 @@ qc2_open(struct qcdisk *disk, int fd)
> basepath[backingsz] = 0;
>
> disk->base = calloc(1, sizeof(struct qcdisk));
> + if (disk->base == NULL)
> + return -1;
> if (qc2_openpath(disk->base, basepath, O_RDONLY) == -1) {
> free(disk->base);
> return -1;
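Review bot: The `return -1` on `disk->base == NULL` leaves `disk->l1`, allocated earlier in qc2_open, unfreed; the existing qc2_openpath failure path right below has the same shape, so this is only a leak if the caller does not release the partially-initialised `disk` on -1, which is not visible here and should be confirmed. If cleanup is the callee's job, both paths need `free(disk->l1)`, and the qc2_openpath path should also set `disk->base = NULL` after freeing it so a later teardown cannot double-free. qc2_open starts and ends outside this hunk.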
> Index: vioraw.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/vmd/vioraw.c,v
> retrieving revision 1.1
> diff -u -p -u -r1.1 vioraw.c
> --- vioraw.c 25 Aug 2018 04:16:09 -0000 1.1
> +++ vioraw.c 11 Sep 2018 07:29:10 -0000
> @@ -62,6 +62,8 @@ virtio_init_raw(struct virtio_backing *f
> return -1;
>
> fdp = malloc(sizeof(int));
> + if (fdp == NULL)
> + return -1;
> *fdp = fd;
> file->p = fdp;
> file->pread = raw_pread;
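Review bot: The new `return -1` on malloc failure drops `fd` without closing it; the `return -1` at the top of the hunk suggests fd was just obtained or validated inside virtio_init_raw, and `*fdp = fd` is the only place it is retained. If this function opened the descriptor, the error path should be `if (fdp == NULL) { close(fd); return -1; }`; if the caller owns it, a one-line comment stating that would save the next reader the same question. virtio_init_raw continues outside this hunk.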
>