Date: Wed, 23 Mar 2005 08:28:06 +0000 (UTC) From: David Schultz <das@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/compat/svr4 svr4_stream.c Message-ID: <200503230828.j2N8S6Ti022005@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
das 2005-03-23 08:28:06 UTC
FreeBSD src repository
Modified files:
sys/compat/svr4 svr4_stream.c
Log:
Bounds check the user-supplied length used in a copyout() in
svr4_do_getmsg(). In principle this bug could disclose data from
kernel memory, but in practice, the SVR4 emulation layer is probably
not functional enough to cause the relevant code path to be executed.
In any case, the emulator has been disconnected from the build since
5.0-RELEASE.
Found by: Coverity Prevent analysis tool
Revision Changes Path
1.53 +2 -0 src/sys/compat/svr4/svr4_stream.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503230828.j2N8S6Ti022005>