From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Laurent Vivier, Richard Henderson
Subject: [PATCH 1/2] linux-user/gen-vdso: Handle fseek() failure
Date: Thu, 10 Jul 2025 18:07:06 +0100
Message-ID: <20250710170707.1299926-2-peter.maydell@linaro.org>
In-Reply-To: <20250710170707.1299926-1-peter.maydell@linaro.org>

Coverity points out that we don't check for fseek() failure in gen-vdso.c, and so we might pass -1 to malloc(). Add the error checking.

(This is a standalone executable that doesn't link against glib, so we can't do the easy thing and use g_file_get_contents().)

Coverity: CID 1523742
Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
---
 linux-user/gen-vdso.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/linux-user/gen-vdso.c b/linux-user/gen-vdso.c index fce9d5cbc3c..1c406d1b10f 100644 --- a/linux-user/gen-vdso.c +++ b/linux-user/gen-vdso.c 
@@ -113,9 +113,16 @@ int main(int argc, char **argv) * We expect the vdso to be small, on the order of one page, * therefore we do not expect a partial read. */ - fseek(inf, 0, SEEK_END); + if (fseek(inf, 0, SEEK_END) < 0) { + goto perror_inf; + } total_len =3D ftell(inf); - fseek(inf, 0, SEEK_SET); + if (total_len < 0) { + goto perror_inf; + } + if (fseek(inf, 0, SEEK_SET) < 0) { + goto perror_inf; + } =20 buf =3D malloc(total_len); if (buf =3D=3D NULL) { --=20 2.43.0 From nobody Fri Dec 19 02:57:14 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1752169752; cv=none; d=zohomail.com; s=zohoarc; b=mEvUZkDUYk2gkL2bIt+d+raFZ40BwxJHdyHcpT0dCvDNA2fpr/9MpcWr/GHjg+x9jyiEOJrSdoMIix10Fay7BogswNLlKZPF+CgogDJe6YWtH8LtOCZHV2rmFCVyuZssPkjvEIvwf0f5iost5+H4ErrQLgwSNRShd6G7T285XX0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1752169752; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=9XxLajNnEOgzn/U5YhS2+NClHEe7hBurz/mJ58vDCYw=; b=lERbUdG4i8mSPIKSEPtKS9ujYu64EI0Lq3xjwjRPohG2Dxu84fCtrwdHZuGKuZU+XgwP0GjJwEonhdLA8BXKhaveXHMGZzYtTU1hOvtuiRNYATSQ68BerF0bX0NWSISmzBXR2EBEhPqBENmmx1MezwpYa0sKZc4kfW1prIrHY30= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 
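Review bot: the new `if (total_len < 0)` test on the ftell() result only works if total_len is declared with a signed type such as long; its declaration is outside this hunk, so it is worth confirming it is not size_t, where the comparison would always be false and the -1 would still reach malloc(). Also, the C standard only guarantees that fseek() returns nonzero on failure (POSIX pins it to -1), so `if (fseek(inf, 0, SEEK_END) != 0)` is the portable spelling of the two new checks. Jumping to perror_inf is right in all three cases, since fseek() and ftell() both set errno.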
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Laurent Vivier, Richard Henderson
Subject: [PATCH 2/2] linux-user/gen-vdso: Don't write off the end of buf[]
Date: Thu, 10 Jul 2025 18:07:07 +0100
Message-ID: <20250710170707.1299926-3-peter.maydell@linaro.org>
In-Reply-To: <20250710170707.1299926-1-peter.maydell@linaro.org>

In gen-vdso we load in a file and assume it's a valid ELF file. In particular we assume it's big enough to be able to read the ELF information in e_ident in the ELF header. Add a check that the total file length is at least big enough for all the e_ident bytes, which is good enough for the code in gen-vdso.c.
This will catch the most obvious possible bad input file (truncated) and allow us to run the sanity checks like "not actually an ELF file" without potentially crashing. The code in elf32_process() and elf64_process() still makes assumptions about the file being well-formed, but this is OK because we only run it on the vdso binaries that we create ourselves in the build process by running the compiler. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson --- Hardening all of elf*_process() seems like overkill, but this is an easy check to add. --- linux-user/gen-vdso.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/linux-user/gen-vdso.c b/linux-user/gen-vdso.c index 1c406d1b10f..aeaa927db8f 100644 --- a/linux-user/gen-vdso.c +++ b/linux-user/gen-vdso.c @@ -124,6 +124,11 @@ int main(int argc, char **argv) goto perror_inf; } =20 + if (total_len < EI_NIDENT) { + fprintf(stderr, "%s: file too small (truncated?)\n", inf_name); + return EXIT_FAILURE; + } + buf =3D malloc(total_len); if (buf =3D=3D NULL) { goto perror_inf; --=20 2.43.0
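Review bot: the EI_NIDENT bound makes e_ident safe to read, but, as the commit message itself says, elf32_process() and elf64_process() go on to read the rest of the ELF header; once e_ident[EI_CLASS] is known, one more comparison of total_len against sizeof(Elf32_Ehdr) or sizeof(Elf64_Ehdr) would be an equally cheap check that covers the whole header rather than just its first 16 bytes. Returning EXIT_FAILURE directly instead of `goto perror_inf` is the right choice here, because no libc call has failed and errno would be stale. The placement after the fseek()/ftell() block and before malloc() is correct.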
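The two patches above together describe one hardened "read a small ELF file into memory" routine: check fseek() and ftell() so a -1 never reaches malloc(), then reject an input too short to hold e_ident before any header field is read. The following is an added example written for this thread, not QEMU's gen-vdso.c; it assumes a standalone C program without glib, defines the handful of ELF constants locally with the same values as <elf.h> so it builds anywhere, adds a constructed size cap (MAX_INPUT_BYTES) and a class-specific header-size check that go beyond the patch, and stages constructed sample inputs through tmpfile() so the real fseek()/ftell() path runs offline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ELF header constants; same values as <elf.h>, defined here so the example
 * builds without it. */
#define EI_NIDENT       16
#define EI_CLASS        4
#define ELFCLASS32      1
#define ELFCLASS64      2
#define ELF32_EHDR_SIZE 52      /* sizeof(Elf32_Ehdr) */
#define ELF64_EHDR_SIZE 64      /* sizeof(Elf64_Ehdr) */
static const unsigned char elf_magic[4] = { 0x7f, 'E', 'L', 'F' };

/* Constructed cap (assumption, not from the patch): a vdso is about one page,
 * so a multi-megabyte input is the wrong file, not a big vdso. */
#define MAX_INPUT_BYTES (1L << 20)

enum load_status {
    LOAD_OK = 0,
    LOAD_IO_ERROR,   /* fseek/ftell/fread/malloc failed; errno describes it */
    LOAD_TOO_LARGE,  /* over MAX_INPUT_BYTES */
    LOAD_TOO_SMALL,  /* shorter than e_ident, or than the header for its class */
    LOAD_NOT_ELF,    /* bad magic */
    LOAD_BAD_CLASS   /* EI_CLASS is neither 32- nor 64-bit */
};

/* Load the whole stream into a malloc'd buffer and validate the ELF header.
 * Every libc call is checked, so a failing fseek()/ftell() never becomes
 * malloc(-1), and a truncated file is rejected before any header read. */
enum load_status load_elf_from_stream(FILE *inf, unsigned char **out, long *out_len)
{
    long total_len;
    size_t hdr_size;
    unsigned char *buf;

    *out = NULL;
    *out_len = 0;
    if (fseek(inf, 0, SEEK_END) != 0) {   /* != 0 is the portable failure test */
        return LOAD_IO_ERROR;
    }
    total_len = ftell(inf);               /* -1 on failure, so keep it signed */
    if (total_len < 0 || fseek(inf, 0, SEEK_SET) != 0) {
        return LOAD_IO_ERROR;
    }
    if (total_len > MAX_INPUT_BYTES) {
        return LOAD_TOO_LARGE;
    }
    if (total_len < EI_NIDENT) {          /* also rejects the empty file */
        return LOAD_TOO_SMALL;
    }
    buf = malloc((size_t)total_len);
    if (buf == NULL) {
        return LOAD_IO_ERROR;
    }
    if (fread(buf, 1, (size_t)total_len, inf) != (size_t)total_len) {
        free(buf);                        /* short read: treat as I/O error */
        return LOAD_IO_ERROR;
    }
    /* e_ident is fully readable now: check magic, then require the whole
     * class-specific header before anything beyond e_ident is touched. */
    if (memcmp(buf, elf_magic, sizeof elf_magic) != 0) {
        free(buf);
        return LOAD_NOT_ELF;
    }
    switch (buf[EI_CLASS]) {
    case ELFCLASS32: hdr_size = ELF32_EHDR_SIZE; break;
    case ELFCLASS64: hdr_size = ELF64_EHDR_SIZE; break;
    default:         free(buf); return LOAD_BAD_CLASS;
    }
    if ((size_t)total_len < hdr_size) {
        free(buf);
        return LOAD_TOO_SMALL;
    }
    *out = buf;
    *out_len = total_len;
    return LOAD_OK;
}

/* Offline harness: run the loader over an in-memory byte string by staging it
 * through tmpfile(), so the real fseek()/ftell()/fread() path is exercised. */
enum load_status load_elf_from_memory(const unsigned char *data, size_t n)
{
    FILE *f = tmpfile();
    unsigned char *buf = NULL;
    long len = 0;
    enum load_status st;

    if (f == NULL) {
        return LOAD_IO_ERROR;
    }
    if (n > 0 && fwrite(data, 1, n, f) != n) {
        fclose(f);
        return LOAD_IO_ERROR;
    }
    st = load_elf_from_stream(f, &buf, &len);
    free(buf);
    fclose(f);
    return st;
}

/* Constructed sample inputs (not real vdso binaries); unlisted bytes are 0. */
static const unsigned char sample_elf64_hdr[ELF64_EHDR_SIZE] = { 0x7f, 'E', 'L', 'F', ELFCLASS64 };
static const unsigned char sample_truncated[5]              = { 0x7f, 'E', 'L', 'F', ELFCLASS64 };
static const unsigned char sample_short_class64[20]         = { 0x7f, 'E', 'L', 'F', ELFCLASS64 };
static const unsigned char sample_not_elf[EI_NIDENT]        = "not an ELF file";

int main(int argc, char **argv)
{
    FILE *inf;
    unsigned char *buf = NULL;
    long len = 0;
    enum load_status st;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <vdso-file>\n", argv[0]);
        return EXIT_FAILURE;
    }
    inf = fopen(argv[1], "rb");
    if (inf == NULL) {
        perror(argv[1]);
        return EXIT_FAILURE;
    }
    st = load_elf_from_stream(inf, &buf, &len);
    if (st == LOAD_IO_ERROR) {
        perror(argv[1]);                  /* errno still describes the failure */
    } else if (st != LOAD_OK) {
        fprintf(stderr, "%s: rejected, status %d\n", argv[1], (int)st);
    } else {
        printf("%s: %ld bytes, ELF header looks sane\n", argv[1], len);
    }
    fclose(inf);
    free(buf);
    return st == LOAD_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Note that LOAD_IO_ERROR is the only status on which the caller should use perror(): the size and magic rejections are decided from the data, not from a failing libc call, so errno tells nothing about them, which is why the patch returns EXIT_FAILURE directly for the EI_NIDENT case.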