Closed Bug 1730379 Opened 3 years ago Closed 3 years ago

ScopedMMap constructor checks mmap return value incorrectly

Categories

(Core :: XPCOM, defect)

Firefox 94
x86_64
macOS
defect

Tracking

()

RESOLVED FIXED
94 Branch
Tracking Status
firefox94 --- fixed

People

(Reporter: alexhenrie24, Assigned: alexhenrie24)

Details

Attachments

(1 file)

The ScopedMMap class in xpcom/glue/FileUtils.cpp currently has the following code:

  explicit ScopedMMap(const char* aFilePath) : buf(nullptr) {
    fd = open(aFilePath, O_RDONLY);
    if (fd < 0) {
      return;
    }
    struct stat st;
    if (fstat(fd, &st) < 0) {
      return;
    }
    size = st.st_size;
    buf = (char*)mmap(nullptr, size, PROT_READ, MAP_PRIVATE, fd, 0);
  }
  ~ScopedMMap() {
    if (buf) {
      munmap(buf, size);
    }
    if (fd >= 0) {
      close(fd);
    }
  }
  operator char*() { return buf; }

And it is used like this:

  ScopedMMap buf(aFilePath);
  char* base = buf;
  if (!base) {
    return;
  }

However, mmap does not return 0 on failure but rather MAP_FAILED, which is defined to be -1, so !base is always false. This means that if mmap fails, the program will segfault instead of gracefully failing.
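
The failure mode described above, as an added example that is not part of the bug report or the landed patch: a wrapper that converts MAP_FAILED to nullptr so the caller's `if (!base)` test works. CheckedMMap, MakeTempFile and FailedMapLooksValid are hypothetical names, and the zero-length temp file is constructed input for which mmap fails with EINVAL.

```cpp
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>
#include <string>

// Hypothetical hardened wrapper: callers only ever see nullptr on failure.
class CheckedMMap {
  int fd = -1;
  size_t size = 0;
  char* buf = nullptr;
 public:
  explicit CheckedMMap(const char* aFilePath) {
    fd = open(aFilePath, O_RDONLY);
    if (fd < 0) return;
    struct stat st;
    if (fstat(fd, &st) < 0) return;
    size = static_cast<size_t>(st.st_size);
    void* p = mmap(nullptr, size, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p != MAP_FAILED) buf = static_cast<char*>(p);  // failure is (void*)-1
  }
  ~CheckedMMap() {
    if (buf) munmap(buf, size);  // never reached with MAP_FAILED
    if (fd >= 0) close(fd);
  }
  operator char*() { return buf; }
};

std::string MakeTempFile(const std::string& data) {
  char path[] = "/tmp/mmapdemoXXXXXX";  // constructed sample input
  int fd = mkstemp(path);
  bool ok = fd >= 0 && write(fd, data.data(), data.size()) >= 0;
  if (fd >= 0) close(fd);
  return ok ? std::string(path) : std::string();
}

// A request that cannot succeed (bad fd, zero length) still yields non-null.
bool FailedMapLooksValid() {
  void* p = mmap(nullptr, 0, PROT_READ, MAP_PRIVATE, -1, 0);
  return p == MAP_FAILED && p != nullptr;
}

int main() {
  std::string empty = MakeTempFile("");
  bool ok = FailedMapLooksValid() && !CheckedMMap(empty.c_str());
  unlink(empty.c_str());
  return ok ? 0 : 1;
}
```

Guarding the destructor on nullptr rather than on the raw mmap result also keeps munmap from being called with MAP_FAILED.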

Assignee: nobody → alexhenrie24
Status: NEW → ASSIGNED
Pushed by nlayzell@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/307862509e37
Check mmap return value in ScopedMMap constructor. r=nika
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch