Date: Sun, 03 Dec 2023 23:19:21 +0000 From: bugzilla-noreply@freebsd.org To: wireless@FreeBSD.org Subject: [Bug 275515] Out of bounds memory access in siba_bhndb.c Message-ID: <bug-275515-21060@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275515 Bug ID: 275515 Summary: Out of bounds memory access in siba_bhndb.c Product: Base System Version: 14.0-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: wireless Assignee: wireless@FreeBSD.org Reporter: frank.hilgendorf@posteo.de In /usr/src/sys/dev/bhnd/siba/siba_bhndb.c, in the class definition a wrong softc struct is used. This causes out of bound memory accesses in the drive= r.=20 These were observed with KASAN activated in the Kernel. Hardware: =E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94- Macbook Pro 3,1 with Broadcom BCM4321 wireless card Patch: =E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94- 289 - sizeof(struct siba_softc), bhnd_bhndb_driver, siba_driver); 289 + sizeof(struct siba_bhndb_softc), bhnd_bhndb_driver, siba_driver); --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-275515-21060>