Page MenuHomeFreeBSD
Differential D35106

partedit: Check allocated strings for UFS auto partitioning
Needs ReviewPublic
Actions

Authored by asiciliano on May 1 2022, 3:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Feb 1, 9:13 PM
Unknown Object (File)
Oct 3 2024, 8:35 AM
Unknown Object (File)
Sep 27 2024, 5:17 PM
Unknown Object (File)
Sep 15 2024, 4:54 PM
Unknown Object (File)
Sep 7 2024, 12:06 PM
Unknown Object (File)
Jul 10 2024, 8:00 AM
Unknown Object (File)
Jul 2 2024, 12:19 AM
Unknown Object (File)
Jul 1 2024, 5:27 PM
View All 28 Files
Subscribers
imp
This revision needs review, but there are no reviewers specified.

Details

Reviewers
None
Summary

After this commit "bsdinstall/partedit: Fix UFS auto partitioning" https://cgit.freebsd.org/src/commit/?id=9b4c606b96ce8a8b011dc50295c71c38741a0f4f

+	} else { /* auto partitioning */
+		items[0].value = strdup(items[0].init);
+		items[1].value = strdup(items[1].init);
+		items[2].value = strdup(items[2].init);
+		if (nitems > 3)
+			items[3].value = strdup(items[3].init);
 	}

a report suggests to check the output of strdup() https://lists.freebsd.org/archives/dev-commits-src-main/2022-April/006059.html

Maybe it could be a bit superfluous in this context, I opened this review to discuss and to get tips.
Briefly, a possible error could be an extreme case: memory full with useful data in a critical memory environment, no some naughty or huge string.

Rationale:
Currently partedit does not check the output of strdup(), probably because the size of the strings is fixed and the TUI libraries guarantee strings with limited size, usually max 16 characters. The user is not allowed to input a string of arbitrary length.

In the reported commit, the allocated strings are not "indefinite", they are almost-constants: "freebsd-[ufs|swap]", "nnn GB", "/|none", "", so the allocated memory is less than 30 bytes. It is much less than the memory required by the dialog form in the interactive case (the flow goes into the if instead of } else { /* auto partitioning */).

Anyway, let' s say we add a check (pseudocode):

// really it is (forms.value = strdup("freebsd-ufs") == NULL)
if ((items[0].value = strdup(items[0].init))== NULL)
	return;
/* ... etc ... */

If we have not 30 bytes available the partitioner will fail an instant later the "return" probably building a new dialog, each dialog/widget requires much more allocated memory than 30 bytes. Surely it will be impossible to rebuild [*] the main menu for the partition table.

Even it would not be possible to build a simple dialog msgbox to warn the user:

if (form.value = strdup("freebsd-ufs") == NULL) {
	bsddialog_msgbox(&conf, Error: Impossible to allocate 30 bytes, 0, 0);
	return;
}

\[*] Probably in this critical memory environment partedit and bsdinstall are not able to start.

However, I have not a strong opinion, if others confirm the necessity I' ll add the check. Of course, everybody can open a review to propose a better solution/idea.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

asiciliano created this revision.May 1 2022, 3:15 PM
Herald added a subscriber: imp. · View Herald TranscriptMay 1 2022, 3:15 PM
asiciliano requested review of this revision.May 1 2022, 3:15 PM
asiciliano edited the summary of this revision. (Show Details)May 1 2022, 4:19 PM
asiciliano edited the summary of this revision. (Show Details)May 1 2022, 4:22 PM
asiciliano edited the summary of this revision. (Show Details)May 1 2022, 4:28 PM
asiciliano retitled this revision from partedit: Check allocated strings for autosizing to partedit: Check allocated strings for UFS auto partitioning.May 2 2022, 2:42 AM

Revision Contents
Changeset List

PathSize
usr.sbin/
bsdinstall/
partedit/
12 lines

Diff 105616

View Options

usr.sbin/bsdinstall/partedit/gpart_ops.c

Loading...