From: Chris Mason <clm@meta.com>
Date: Fri, 22 May 2026 16:23:03 +0000 (-0700)
Subject: dissect-image: fix wrong errno on pread failure
X-Git-Tag: v261-rc2~34^2~5
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=fa0cd9b79f85dc6d24cd7d3f7c554b35bd5191fd;p=thirdparty%2Fsystemd.git

dissect-image: fix wrong errno on pread failure

In acquire_sig_for_roothash() the pread() failure branch returns
-ENOMEM, which is copy-pasted from the malloc() check immediately
above it:

    _cleanup_free_ char *buf = new(char, partition_size+1);
    if (!buf)
            return -ENOMEM;

    ssize_t n = pread(fd, buf, partition_size, partition_offset);
    if (n < 0)
            return -ENOMEM;

pread() sets errno to the actual I/O failure (EIO, EINTR, EBADF,
...). Aliasing those to -ENOMEM misleads dissect_log_error() and
any caller that branches on the returned code; verity signature
lookup failures get reported as out-of-memory.

Fix by returning -errno from the pread() failure branch. The
malloc() branch above is correct and unchanged.

Fixes: 98ca65c36aa9 ("dissect: check that roothash in signature matches before selecting partition")
Assisted-by: kres (claude-opus-4-7)
Signed-off-by: Chris Mason <clm@meta.com>
---

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index f1149cdaa6d..db813a7eb4e 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -717,7 +717,7 @@ static int acquire_sig_for_roothash(
 
         ssize_t n = pread(fd, buf, partition_size, partition_offset);
         if (n < 0)
-                return -ENOMEM;
+                return -errno;
         if ((uint64_t) n != partition_size)
                 return -EIO;