Date: Wed, 13 Jul 2005 01:49:30 +0200 (CEST)
From: Dan Lukes
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/83361: [ PATCH ] Incorrect malloc failures handling within libdisk code

>Number: 83361
>Category: bin
>Synopsis: [ PATCH ] Incorrect malloc failures handling within libdisk code
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jul 12 23:50:13 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD 5.4-STABLE i386
>Organization: Obludarium
>Environment:
System: FreeBSD 5.4-STABLE #8: Sat Jul 9 16:31:08 CEST 2005 i386
lib/libdisk/write_ia64_disk.c,v 1.15 2004/01/30 20:52:54 marcel
lib/libdisk/write_sparc64_disk.c,v 1.8 2003/04/22 05:34:35 phk
>Description:
Incorrect malloc failures handling can cause dereferencing of NULL
>How-To-Repeat:
>Fix:
--- patch begins here --- --- lib/libdisk/write_ia64_disk.c.ORIG Thu Feb 5 20:18:39 2004 +++ lib/libdisk/write_ia64_disk.c Wed Jul 13 01:25:04 2005 @@ -245,7 +245,7 @@ if (sav > 0) { save = malloc(sav * sizeof(struct gpt_ent)); if (save == NULL) - abort(); + return(ENOMEM); sav = 0; for (c = disk->chunks->part; c != NULL; c = c->next) { if ((c->flags & CHUNK_HAS_INDEX)) { 
@@ -332,6 +332,8 @@ bufsz += disk->sector_size; bufsz = (bufsz / disk->sector_size) * disk->sector_size; buffer = calloc(1, bufsz); + if (buffer == NULL) + return (ENOMEM); memcpy(buffer, &hdr[0], sizeof(struct gpt_hdr)); off = hdr[0].hdr_lba_self * disk->sector_size; --- lib/libdisk/write_sparc64_disk.c.ORIG Wed Apr 23 01:44:38 2003 +++ lib/libdisk/write_sparc64_disk.c Wed Jul 13 01:36:34 2005 @@ -44,10 +44,13 @@ fd = open(device, O_RDWR); if (fd < 0) { warn("open(%s) failed", device); - return (1); + return (errno); } - sl = calloc(sizeof *sl, 1); + if ((sl = calloc(sizeof *sl, 1)) == NULL) { + close(fd); + return(ENOMEM); + } c = d1->chunks; c2 = c->part; secpercyl = d1->bios_sect * d1->bios_hd; --- patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
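Review bot: in lib/libdisk/write_ia64_disk.c at @@ -245, the new `return(ENOMEM);` turns a hard abort() into an error code, so every caller of this function now has to check the return value or the failure is silently ignored; the hunk does not show whether anything acquired earlier in the function needs releasing before this return, which should be confirmed. The spacing also differs from the `return (ENOMEM);` used in the @@ -332 hunk of the same file; please write it as `return (ENOMEM);` here too.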
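Review bot: in lib/libdisk/write_ia64_disk.c at @@ -332, the early `return (ENOMEM);` after `buffer = calloc(1, bufsz);` leaves the function without releasing `save`, which the @@ -245 hunk allocates when sav > 0. Unless `save` is freed between the two hunks (not visible in the patch), this path leaks it. Suggest releasing `save` on this path before returning, in the same way the sparc64 hunk calls close(fd) before its ENOMEM return.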
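Review bot: in lib/libdisk/write_sparc64_disk.c at @@ -44, `return (errno);` runs after `warn("open(%s) failed", device);`, and warn() writes to stderr and is not guaranteed to leave errno unchanged, so the value returned may not be the one open() set. Copy errno into a local before calling warn() and return that local. Changing the result from 1 to an errno value also changes what callers see, so any caller comparing against 1 needs updating. The calloc failure path closes fd correctly, but its `return(ENOMEM);` lacks the space used in `return (errno);` a few lines above.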