From nobody Fri Oct 08 01:16:38 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B6E9212D13A6; Fri, 8 Oct 2021 01:16:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HQVdn0M7Lz3thw; Fri, 8 Oct 2021 01:16:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7E02E1E03C; Fri, 8 Oct 2021 01:16:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1981GcBe010813; Fri, 8 Oct 2021 01:16:38 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1981GchB010812; Fri, 8 Oct 2021 01:16:38 GMT (envelope-from git) Date: Fri, 8 Oct 2021 01:16:38 GMT Message-Id: <202110080116.1981GchB010812@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 51ddd2851e4a - stable/12 - loader: misaligned access of dos_partition structure List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 51ddd2851e4a36e28cf78dfe06125723f7d2b113 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=51ddd2851e4a36e28cf78dfe06125723f7d2b113 commit 51ddd2851e4a36e28cf78dfe06125723f7d2b113 Author: Toomas Soome AuthorDate: 2020-03-19 17:27:08 +0000 Commit: Kyle Evans CommitDate: 2021-10-08 01:15:59 +0000 loader: misaligned access of dos_partition structure armv7 crash due to misligned access of dos_partition dp_start field. Allocate and make copy of dos_partition array to make sure the data is aligned. (cherry picked from commit 87d8d5ea3dd0a8ad2c0468660805017d6d45d937) --- stand/common/part.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/stand/common/part.c b/stand/common/part.c index b84678efd3cc..69df57abb175 100644 --- a/stand/common/part.c +++ b/stand/common/part.c @@ -662,6 +662,7 @@ ptable_open(void *dev, uint64_t sectors, uint16_t sectorsize, int has_ext; #endif table = NULL; + dp = NULL; buf = malloc(sectorsize); if (buf == NULL) return (NULL); @@ -716,7 +717,11 @@ ptable_open(void *dev, uint64_t sectors, uint16_t sectorsize, goto out; } /* Check that we have PMBR. Also do some validation. */ - dp = (struct dos_partition *)(buf + DOSPARTOFF); + dp = malloc(NDOSPART * sizeof(struct dos_partition)); + if (dp == NULL) + goto out; + bcopy(buf + DOSPARTOFF, dp, NDOSPART * sizeof(struct dos_partition)); + /* * In mac we can have PMBR partition in hybrid MBR; * that is, MBR partition which has DOSPTYP_PMBR entry defined as @@ -778,6 +783,7 @@ ptable_open(void *dev, uint64_t sectors, uint16_t sectorsize, #endif /* LOADER_MBR_SUPPORT */ #endif /* LOADER_MBR_SUPPORT || LOADER_GPT_SUPPORT */ out: + free(dp); free(buf); return (table); }