Closed
Bug 1730379
Opened 3 years ago
Closed 3 years ago
ScopedMMap constructor checks checks mmap return value incorrectly
Categories
(Core :: XPCOM, defect)
Tracking
()
RESOLVED
FIXED
94 Branch
Tracking | Status | |
---|---|---|
firefox94 | --- | fixed |
People
(Reporter: alexhenrie24, Assigned: alexhenrie24)
Details
Attachments
(1 file)
The ScopedMMap class in xpcom/glue/FileUtils.cpp currently has the following code:
explicit ScopedMMap(const char* aFilePath) : buf(nullptr) {
fd = open(aFilePath, O_RDONLY);
if (fd < 0) {
return;
}
struct stat st;
if (fstat(fd, &st) < 0) {
return;
}
size = st.st_size;
buf = (char*)mmap(nullptr, size, PROT_READ, MAP_PRIVATE, fd, 0);
}
~ScopedMMap() {
if (buf) {
munmap(buf, size);
}
if (fd >= 0) {
close(fd);
}
}
operator char*() { return buf; }
And it is used like this:
ScopedMMap buf(aFilePath);
char* base = buf;
if (!base) {
return;
}
However, mmap does not return 0 on failure but rather MAP_FAILED which is defined to be -1, so !base
is always false. This means that if mmap fails, the program will segfault instead of gracefully failing.
Assignee | ||
Comment 1•3 years ago
|
||
Updated•3 years ago
|
Assignee: nobody → alexhenrie24
Status: NEW → ASSIGNED
Pushed by nlayzell@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/307862509e37 Check mmap return value in ScopedMMap constructor. r=nika
Comment 3•3 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•