[PULL 08/20] elf_ops: Don't try to g_mapped_file_unref(NULL)
From: Laurent Vivier
Subject: [PULL 08/20] elf_ops: Don't try to g_mapped_file_unref(NULL)
Date: Mon, 4 May 2020 13:57:46 +0200

From: Peter Maydell <address@hidden>

Calling g_mapped_file_unref() on a NULL pointer is not valid, and
glib will assert if you try it.

  $ qemu-system-arm -M virt -display none -device loader,file=/tmp/bad.elf
  qemu-system-arm: -device loader,file=/tmp/bad.elf: GLib: g_mapped_file_unref:
  assertion 'file != NULL' failed

(One way to produce an ELF file that fails like this is to copy just
the first 16 bytes of a valid ELF file; this is sufficient to fool
the code in load_elf_ram_sym() into thinking it's an ELF file and
calling load_elf32() or load_elf64().)

The failure-exit path in load_elf can be reached from various points
in execution, and for some of those we haven't yet called
g_mapped_file_new_from_fd(). Add a condition to the unref call so we
only call it if we successfully created the GMappedFile to start with.

This will fix the assertion; for the specific case of the generic
loader it will then fall back from "guess this is an ELF file" to
"maybe it's a uImage or a hex file" and eventually to "just load as
a raw data file".

Reported-by: Randy Yates <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Stefano Garzarella <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Laurent Vivier <address@hidden>
---
include/hw/elf_ops.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index e0bb47bb678d..398a4a2c85bb 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -606,7 +606,9 @@ static int glue(load_elf, SZ)(const char *name, int fd,
*highaddr = (uint64_t)(elf_sword)high;
ret = total_size;
fail:
- g_mapped_file_unref(mapped_file);
+ if (mapped_file) {
+ g_mapped_file_unref(mapped_file);
+ }
g_free(phdr);
return ret;
}
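Review bot: The new if (mapped_file) guard at the fail: label is only correct if mapped_file is initialised to NULL where it is declared, which lies outside this hunk; since the commit message says fail can be reached before g_mapped_file_new_from_fd() has been called, please confirm that initialiser is present, otherwise the test reads an indeterminate pointer. A one-line comment at the guard noting that g_mapped_file_unref(), unlike the g_free(phdr) on the following line, does not accept NULL would keep a later cleanup from dropping the check again. The 16-byte truncated ELF described in the commit message would also make a cheap regression test for this exit path.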
--
2.26.2