From bf88e6fa0de04f61db7f752a31d48bb874d0ec9d Mon Sep 17 00:00:00 2001 From: msaitoh Date: Wed, 4 Jul 2018 07:25:47 +0000 Subject: [PATCH] Don't allocate memory and return EFTYPE if sc->sc_blobsize==0 to prevent panic in firmware_malloc(). --- sys/kern/kern_cpu.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_cpu.c b/sys/kern/kern_cpu.c index 97725e965dcd..02690cf50daf 100644 --- a/sys/kern/kern_cpu.c +++ b/sys/kern/kern_cpu.c @@ -1,4 +1,4 @@ -/* $NetBSD: kern_cpu.c,v 1.73 2018/03/18 00:51:46 christos Exp $ */ +/* $NetBSD: kern_cpu.c,v 1.74 2018/07/04 07:25:47 msaitoh Exp $ */ /*- * Copyright (c) 2007, 2008, 2009, 2010, 2012 The NetBSD Foundation, Inc. @@ -56,7 +56,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_cpu.c,v 1.73 2018/03/18 00:51:46 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_cpu.c,v 1.74 2018/07/04 07:25:47 msaitoh Exp $"); #include "opt_cpu_ucode.h" @@ -602,6 +602,11 @@ cpu_ucode_load(struct cpu_ucode_softc *sc, const char *fwname) } sc->sc_blobsize = firmware_get_size(fwh); + if (sc->sc_blobsize == 0) { + error = EFTYPE; + firmware_close(fwh); + goto err0; + } sc->sc_blob = firmware_malloc(sc->sc_blobsize); if (sc->sc_blob == NULL) { error = ENOMEM;