From: Peter Maydell
To: qemu-devel@nongnu.org, qemu-trivial@nongnu.org
Cc: Randy Yates
Subject: [PATCH] elf_ops: Don't try to g_mapped_file_unref(NULL)
Date: Thu, 23 Apr 2020 21:20:11 +0100
Message-Id: <20200423202011.32686-1-peter.maydell@linaro.org>

Calling g_mapped_file_unref() on a NULL pointer is not valid, and
glib will assert if you try it.

  $ qemu-system-arm -M virt -display none -device loader,file=/tmp/bad.elf
  qemu-system-arm: -device loader,file=/tmp/bad.elf: GLib: g_mapped_file_unref: assertion 'file != NULL' failed

(One way to produce an ELF file that fails like this is to copy just
the first 16 bytes of a valid ELF file; this is sufficient to fool
the code in load_elf_ram_sym() into thinking it's an ELF file and
calling load_elf32() or load_elf64().)

The failure-exit path in load_elf can be reached from various points
in execution, and for some of those we haven't yet called
g_mapped_file_new_from_fd().
Add a condition to the unref call so we only call it if we
successfully created the GMappedFile to start with.

This will fix the assertion; for the specific case of the generic
loader it will then fall back from "guess this is an ELF file" to
"maybe it's a uImage or a hex file" and eventually to "just load as
a raw data file".

Reported-by: Randy Yates
Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Stefano Garzarella

--- include/hw/elf_ops.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h index e0bb47bb678..398a4a2c85b 100644 --- a/include/hw/elf_ops.h +++ b/include/hw/elf_ops.h @@ -606,7 +606,9 @@ static int glue(load_elf, SZ)(const char *name, int fd, *highaddr =3D (uint64_t)(elf_sword)high; ret =3D total_size; fail: - g_mapped_file_unref(mapped_file); + if (mapped_file) { + g_mapped_file_unref(mapped_file); + } g_free(phdr); return ret; } --=20 2.20.1
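
Review bot: At the `fail:` label the new `if (mapped_file)` guard is only safe if `mapped_file` is initialised to NULL where it is declared, and that declaration is outside this hunk. Since the commit message says `fail:` can be reached before g_mapped_file_new_from_fd() has been called, please confirm the initialiser is there; otherwise the check tests an indeterminate pointer. A one-line comment above the guard noting that g_mapped_file_unref() asserts on NULL, unlike the `g_free(phdr)` on the next line, would keep a later cleanup from removing it. A regression test that feeds the loader a file truncated to the first 16 bytes of a valid ELF, as described in the commit message, would cover this path.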