bin/83364: [ PATCH ] improper handling of malloc failures,
bad printf format
Dan Lukes
dan at obluda.cz
Wed Jul 13 02:10:02 GMT 2005
>Number: 83364
>Category: bin
>Synopsis: [ PATCH ] improper handling of malloc failures, bad printf format
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 13 02:10:00 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD 5.4-STABLE i386
>Organization:
Obludarium
>Environment:
System: FreeBSD 5.4-STABLE #8: Sat Jul 9 16:31:08 CEST 2005 i386
lib/libkvm/kvm.c,v 1.26 2004/06/08 13:08:19 stefanf
lib/libkvm/kvm_amd64.c,v 1.17 2004/05/19 18:24:13 peter
lib/libkvm/kvm_i386.c,v 1.15 2001/10/10 17:48:43 bde
lib/libkvm/kvm_proc.c,v 1.79.2.6 2005/03/01 09:30:14 obrien
lib/libkvm/Makefile,v 1.14 2003/08/18 15:25:38 obrien
>Description:
Two insufficient checks of the return value of _kvm_malloc() allow a
possible NULL pointer dereference; several format strings in error
messages do not match their arguments.
>How-To-Repeat:
>Fix:
--- patch begins here ---
--- lib/libkvm/kvm_i386.c.ORIG Wed Oct 10 19:48:43 2001
+++ lib/libkvm/kvm_i386.c Wed Jul 13 03:45:46 2005
@@ -123,6 +123,12 @@
return (-1);
}
PTD = _kvm_malloc(kd, PAGE_SIZE);
+ if (PTD == NULL) {
+ _kvm_err(kd, kd->program, "cannot allocate PTD");
+ free(vm);
+ kd->vmst = NULL;
+ return(-1);
+ }
if (kvm_read(kd, pa, PTD, PAGE_SIZE) != PAGE_SIZE) {
_kvm_err(kd, kd->program, "cannot read PTD");
return (-1);
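Review bot: The new PTD failure path frees `vm` and clears `kd->vmst`, but the adjacent "cannot read PTD" path on the next lines returns -1 with `vm` still attached to `kd->vmst`, so two error paths in the same function now follow different ownership rules. If the caller tears `kd` down on a failed _kvm_initvtop through the normal close/free-vtop path (not visible here), the existing convention is to leave `vm` attached and let that path release it together with anything else already hung off `vm`; freeing `vm` directly here would skip that and could leak whatever was set up earlier in the function. Either make this path match its neighbour, `if (PTD == NULL) { _kvm_err(kd, kd->program, "cannot allocate PTD"); return (-1); }`, or give both paths the same cleanup. Minor: `return(-1);` should be `return (-1);` per style(9), and the amd64 counterpart in this patch compares the pointer against `0` rather than `NULL`. _kvm_initvtop starts before and ends after this hunk.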
@@ -141,7 +147,6 @@
pt_entry_t pte;
u_long pdeindex;
u_long pteindex;
- int i;
if (ISALIVE(kd)) {
_kvm_err(kd, 0, "vatop called in live kernel!");
@@ -197,7 +202,7 @@
return (PAGE_SIZE - offset);
invalid:
- _kvm_err(kd, 0, "invalid address (%x)", va);
+ _kvm_err(kd, 0, "invalid address (%lx)", va);
return (0);
}
--- lib/libkvm/kvm_amd64.c.ORIG Fri May 28 19:19:33 2004
+++ lib/libkvm/kvm_amd64.c Wed Jul 13 03:53:22 2005
@@ -124,6 +124,12 @@
return (-1);
}
PML4 = _kvm_malloc(kd, PAGE_SIZE);
+ if (PML4 == 0) {
+ free(vm);
+ kd->vmst = NULL;
+ _kvm_err(kd, kd->program, "cannot allocate PML4");
+ return (-1);
+ }
if (kvm_read(kd, pa, PML4, PAGE_SIZE) != PAGE_SIZE) {
_kvm_err(kd, kd->program, "cannot read KPML4phys");
return (-1);
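Review bot: `if (PML4 == 0)` compares a pointer against an integer literal; the i386 hunk in the same patch writes `== NULL`, and the two should agree, `if (PML4 == NULL) {`. The same ownership question as in kvm_i386.c applies here: this path frees `vm` and clears `kd->vmst`, while the following "cannot read KPML4phys" path returns -1 leaving `vm` attached, so whichever of the two the caller's teardown expects, only one of them can be right. Unless the close path is known not to run on a failed init, the safer choice is to match the existing path, `_kvm_err(kd, kd->program, "cannot allocate PML4"); return (-1);`. _kvm_initvtop starts before and ends after this hunk.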
--- lib/libkvm/kvm_proc.c.ORIG Tue Mar 1 20:25:03 2005
+++ lib/libkvm/kvm_proc.c Wed Jul 13 03:50:38 2005
@@ -117,14 +117,14 @@
for (; cnt < maxcnt && p != NULL; p = LIST_NEXT(&proc, p_list)) {
memset(kp, 0, sizeof *kp);
if (KREAD(kd, (u_long)p, &proc)) {
- _kvm_err(kd, kd->program, "can't read proc at %x", p);
+ _kvm_err(kd, kd->program, "can't read proc at %p", p);
return (-1);
}
if (proc.p_state != PRS_ZOMBIE) {
if (KREAD(kd, (u_long)TAILQ_FIRST(&proc.p_threads),
&mtd)) {
_kvm_err(kd, kd->program,
- "can't read thread at %x",
+ "can't read thread at %p",
TAILQ_FIRST(&proc.p_threads));
return (-1);
}
@@ -133,7 +133,7 @@
(u_long)TAILQ_FIRST(&proc.p_ksegrps),
&mkg)) {
_kvm_err(kd, kd->program,
- "can't read ksegrp at %x",
+ "can't read ksegrp at %p",
TAILQ_FIRST(&proc.p_ksegrps));
return (-1);
}
@@ -141,7 +141,7 @@
if (KREAD(kd,
(u_long)TAILQ_FIRST(&mkg.kg_kseq), &mke)) {
_kvm_err(kd, kd->program,
- "can't read kse at %x",
+ "can't read kse at %p",
TAILQ_FIRST(&mkg.kg_kseq));
return (-1);
}
@@ -209,7 +209,7 @@
if (proc.p_sigacts != NULL) {
if (KREAD(kd, (u_long)proc.p_sigacts, &sigacts)) {
_kvm_err(kd, kd->program,
- "can't read sigacts at %x", proc.p_sigacts);
+ "can't read sigacts at %p", proc.p_sigacts);
return (-1);
}
kp->ki_sigignore = sigacts.ps_sigignore;
@@ -218,7 +218,7 @@
if ((proc.p_sflag & PS_INMEM) && proc.p_stats != NULL) {
if (KREAD(kd, (u_long)proc.p_stats, &pstats)) {
_kvm_err(kd, kd->program,
- "can't read stats at %x", proc.p_stats);
+ "can't read stats at %p", proc.p_stats);
return (-1);
}
kp->ki_start = pstats.p_start;
@@ -240,7 +240,7 @@
else if (proc.p_pptr) {
if (KREAD(kd, (u_long)proc.p_pptr, &pproc)) {
_kvm_err(kd, kd->program,
- "can't read pproc at %x", proc.p_pptr);
+ "can't read pproc at %p", proc.p_pptr);
return (-1);
}
kp->ki_ppid = pproc.p_pid;
@@ -249,14 +249,14 @@
if (proc.p_pgrp == NULL)
goto nopgrp;
if (KREAD(kd, (u_long)proc.p_pgrp, &pgrp)) {
- _kvm_err(kd, kd->program, "can't read pgrp at %x",
+ _kvm_err(kd, kd->program, "can't read pgrp at %p",
proc.p_pgrp);
return (-1);
}
kp->ki_pgid = pgrp.pg_id;
kp->ki_jobc = pgrp.pg_jobc;
if (KREAD(kd, (u_long)pgrp.pg_session, &sess)) {
- _kvm_err(kd, kd->program, "can't read session at %x",
+ _kvm_err(kd, kd->program, "can't read session at %p",
pgrp.pg_session);
return (-1);
}
@@ -269,14 +269,14 @@
if ((proc.p_flag & P_CONTROLT) && sess.s_ttyp != NULL) {
if (KREAD(kd, (u_long)sess.s_ttyp, &tty)) {
_kvm_err(kd, kd->program,
- "can't read tty at %x", sess.s_ttyp);
+ "can't read tty at %p", sess.s_ttyp);
return (-1);
}
kp->ki_tdev = (uintptr_t)tty.t_dev; /* XXX: wrong */
if (tty.t_pgrp != NULL) {
if (KREAD(kd, (u_long)tty.t_pgrp, &pgrp)) {
_kvm_err(kd, kd->program,
- "can't read tpgrp at %x",
+ "can't read tpgrp at %p",
tty.t_pgrp);
return (-1);
}
@@ -286,7 +286,7 @@
if (tty.t_session != NULL) {
if (KREAD(kd, (u_long)tty.t_session, &sess)) {
_kvm_err(kd, kd->program,
- "can't read session at %x",
+ "can't read session at %p",
tty.t_session);
return (-1);
}
@@ -970,7 +970,7 @@
while (len > 0) {
errno = 0;
if (lseek(fd, (off_t)uva, 0) == -1 && errno != 0) {
- _kvm_err(kd, kd->program, "invalid address (%x) in %s",
+ _kvm_err(kd, kd->program, "invalid address (%lx) in %s",
uva, procfile);
break;
}
--- lib/libkvm/kvm.c.ORIG Wed Jun 16 12:48:38 2004
+++ lib/libkvm/kvm.c Wed Jul 13 03:46:56 2005
@@ -356,7 +356,7 @@
*/
errno = 0;
if (lseek(kd->vmfd, (off_t)kva, 0) == -1 && errno != 0) {
- _kvm_err(kd, 0, "invalid address (%x)", kva);
+ _kvm_err(kd, 0, "invalid address (%lx)", kva);
return (-1);
}
cc = read(kd->vmfd, buf, len);
@@ -418,7 +418,7 @@
*/
errno = 0;
if (lseek(kd->vmfd, (off_t)kva, 0) == -1 && errno != 0) {
- _kvm_err(kd, 0, "invalid address (%x)", kva);
+ _kvm_err(kd, 0, "invalid address (%lx)", kva);
return (-1);
}
cc = write(kd->vmfd, buf, len);
--- lib/libkvm/Makefile.ORIG Sun Aug 24 20:47:25 2003
+++ lib/libkvm/Makefile Wed Jul 13 03:56:42 2005
@@ -15,4 +15,6 @@
MLINKS+=kvm_open.3 kvm_close.3 kvm_open.3 kvm_openfiles.3
MLINKS+=kvm_read.3 kvm_write.3
+WARNS+=2
+
.include <bsd.lib.mk>
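Review bot: `WARNS+=2` appends to WARNS rather than setting it; FreeBSD Makefiles use `WARNS?=	2` so that a value from the command line or environment overrides it cleanly, whereas `+=` would turn an already-set WARNS into two tokens that the numeric `.if ${WARNS} >= N` tests in bsd.sys.mk cannot evaluate. Setting WARNS at all also appears to make the library build with -Werror unless NO_WERROR is defined (per the bsd.sys.mk of this era, not shown here), so any remaining warning in libkvm source files this patch does not touch would break the build rather than merely print — worth a full build of lib/libkvm on both i386 and amd64 before committing. The format-string fixes above are the prerequisite for this line; saying so in the description would help the next reader.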
--- patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: