From patchwork Mon May 4 11:57:46 2020
X-Patchwork-Submitter: Laurent Vivier
X-Patchwork-Id: 186082
From: Laurent Vivier
To: qemu-devel@nongnu.org
Subject: [PULL 08/20] elf_ops: Don't try to g_mapped_file_unref(NULL)
Date: Mon, 4 May 2020 13:57:46 +0200
Message-Id: <20200504115758.283914-9-laurent@vivier.eu>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200504115758.283914-1-laurent@vivier.eu>
References: <20200504115758.283914-1-laurent@vivier.eu>
Cc: Peter Maydell, qemu-trivial@nongnu.org, Michael Tokarev, Laurent Vivier, Randy Yates, Philippe Mathieu-Daudé, Stefano Garzarella

From: Peter Maydell

Calling g_mapped_file_unref() on a NULL pointer is not valid, and glib
will assert if you try it.

  $ qemu-system-arm -M virt -display none -device loader,file=/tmp/bad.elf
  qemu-system-arm: -device loader,file=/tmp/bad.elf: GLib: g_mapped_file_unref: assertion 'file != NULL' failed

(One way to produce an ELF file that fails like this is to copy just
the first 16 bytes of a valid ELF file; this is sufficient to fool the
code in load_elf_ram_sym() into thinking it's an ELF file and calling
load_elf32() or load_elf64().)

The failure-exit path in load_elf can be reached from various points
in execution, and for some of those we haven't yet called
g_mapped_file_new_from_fd(). Add a condition to the unref call so we
only call it if we successfully created the GMappedFile to start with.

This will fix the assertion; for the specific case of the generic
loader it will then fall back from "guess this is an ELF file" to
"maybe it's a uImage or a hex file" and eventually to "just load as a
raw data file".

Reported-by: Randy Yates
Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Stefano Garzarella
Message-Id: <20200423202011.32686-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier
---
 include/hw/elf_ops.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index e0bb47bb678d..398a4a2c85bb 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -606,7 +606,9 @@ static int glue(load_elf, SZ)(const char *name, int fd, *highaddr = (uint64_t)(elf_sword)high; ret = total_size; fail: - g_mapped_file_unref(mapped_file); + if (mapped_file) { + g_mapped_file_unref(mapped_file); + } g_free(phdr); return ret; }
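Review bot: The guard around g_mapped_file_unref() in the fail: path is only sound if mapped_file is initialised to NULL at its declaration, which this hunk does not show; the commit message says the fail: label is reached before g_mapped_file_new_from_fd() on some paths, and on those paths an uninitialised pointer would pass the `if (mapped_file)` test and still be passed to the unref. Worth confirming the declaration reads `GMappedFile *mapped_file = NULL;` (or adding that initialisation in the same patch) so the change is complete on its own. The unguarded g_free(phdr) that follows is fine as-is, since g_free() accepts NULL; the asymmetry between the two cleanup calls is expected. As a style alternative, `g_clear_pointer(&mapped_file, g_mapped_file_unref);` expresses the same NULL-safe release in one line and also resets the pointer, which avoids a double unref if the fail: path is ever reached twice.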