Date:      Mon, 28 Jan 2013 10:01:28 GMT
From:      Yuri <yuri@tsoft.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/175648: [PATCH] Fix for buffer corruption in libproc
Message-ID:  <201301281001.r0SA1Sl2091719@red.freebsd.org>
Resent-Message-ID: <201301281010.r0SAA05A022928@freefall.freebsd.org>



>Number:         175648
>Category:       misc
>Synopsis:       [PATCH] Fix for buffer corruption in libproc
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 28 10:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Yuri
>Release:        9.1-STABLE
>Organization:
n/a
>Environment:
>Description:
Please check in the attached patch.
Please MFC to 9.X.

The patch fixes the buffer corruption caused by the wrong size passed to realloc.
The bug can be experienced by calling ustack() from some dtrace script when the number of entries in /proc/PID/map is greater than 64.

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: lib/libproc/proc_rtld.c
===================================================================
--- lib/libproc/proc_rtld.c	(revision 245708)
+++ lib/libproc/proc_rtld.c	(working copy)
@@ -44,7 +44,7 @@
 
 	if (phdl->nobjs >= phdl->rdobjsz) {
 		phdl->rdobjsz *= 2;
-		phdl->rdobjs = realloc(phdl->rdobjs, phdl->rdobjsz);
+		phdl->rdobjs = realloc(phdl->rdobjs, sizeof(*phdl->rdobjs) * phdl->rdobjsz);
 		if (phdl->rdobjs == NULL)
 			return (-1);
 	}
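Review bot: The size change on the realloc line is the right fix (the old call passed an entry count where realloc takes a byte count, so the array could hold only rdobjsz / sizeof(*rdobjs) entries and every write beyond that went past the heap block), but the two lines around it keep a failure-path problem worth fixing in the same hunk. `phdl->rdobjsz *= 2;` runs before the realloc, so on the NULL return rdobjsz records a capacity the buffer does not have, and assigning realloc's result straight to phdl->rdobjs drops the only pointer to the old block, leaking it. Suggest growing into temporaries and committing only on success:
	newsz = phdl->rdobjsz * 2;
	if ((tmp = realloc(phdl->rdobjs, sizeof(*phdl->rdobjs) * newsz)) == NULL)
		return (-1);
followed by phdl->rdobjs = tmp; phdl->rdobjsz = newsz;. Also worth confirming, since it is outside this hunk, that the initial allocation of phdl->rdobjs uses the same sizeof(*phdl->rdobjs) factor, otherwise the first 64 entries are undersized too.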


>Release-Note:
>Audit-Trail:
>Unformatted:
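The following is an added illustration, not code from the PR or from FreeBSD's libproc: it reproduces the same growth pattern in a self-contained C program, shows how many entries a buffer sized with the pre-patch expression can really hold, and gives a hardened grow routine (overflow check, temporary pointer, capacity committed only after realloc succeeds). The struct layout, the names objtab/map_entry and the initial capacity of 64 are assumptions; 64 is taken from the ">64 entries" threshold in the description above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for libproc's per-object record (hypothetical layout; the real
 * struct is larger, which only makes an undersized allocation worse). */
struct map_entry {
	uintptr_t addr;
	size_t len;
	char name[64];
};

/* Growable table, mirroring the nobjs / rdobjsz pair used in the hunk. */
struct objtab {
	struct map_entry *objs;
	size_t nobjs;	/* entries in use */
	size_t objsz;	/* capacity, in entries */
};

/* Number of entries a block of `bytes` bytes can actually hold. */
static size_t
entries_that_fit(size_t bytes)
{
	return (bytes / sizeof(struct map_entry));
}

/* Pre-patch sizing: the entry count was passed as the byte count.  Returns
 * the real capacity, in entries, of the block realloc would hand back. */
static size_t
grow_buggy_capacity(size_t objsz)
{
	size_t bytes = objsz * 2;	/* what realloc was asked for */

	return (entries_that_fit(bytes));
}

/* Hardened growth: guard the multiplication, reallocate into a temporary
 * and only update the table once the new block exists, so a failure neither
 * leaks the old block nor records a capacity the buffer does not have. */
static int
objtab_grow(struct objtab *t)
{
	size_t newsz;
	struct map_entry *tmp;

	newsz = (t->objsz == 0) ? 64 : t->objsz * 2;	/* 64: assumed initial size */
	if (newsz > SIZE_MAX / sizeof(*t->objs))
		return (-1);
	tmp = realloc(t->objs, newsz * sizeof(*t->objs));
	if (tmp == NULL)
		return (-1);
	t->objs = tmp;
	t->objsz = newsz;
	return (0);
}

/* Append one entry, growing when full (same full-check as the hunk). */
static int
objtab_add(struct objtab *t, uintptr_t addr, size_t len, const char *name)
{
	struct map_entry *e;

	if (t->nobjs >= t->objsz && objtab_grow(t) != 0)
		return (-1);
	e = &t->objs[t->nobjs];
	e->addr = addr;
	e->len = len;
	snprintf(e->name, sizeof(e->name), "%s", name);
	t->nobjs++;
	return (0);
}

/* Store `n` constructed entries (addr = i * 0x1000) and verify each one
 * reads back intact.  Returns the count stored, or -1 on failure. */
static long
fill_table(size_t n)
{
	struct objtab t = { NULL, 0, 0 };
	size_t i;
	char name[32];
	long rc;

	for (i = 0; i < n; i++) {
		snprintf(name, sizeof(name), "lib%zu.so", i);
		if (objtab_add(&t, (uintptr_t)i * 0x1000, 0x1000, name) != 0) {
			free(t.objs);
			return (-1);
		}
	}
	rc = (long)t.nobjs;
	for (i = 0; i < n; i++)
		if (t.objs[i].addr != (uintptr_t)i * 0x1000)
			rc = -1;
	free(t.objs);
	return (rc);
}

int
main(void)
{
	printf("pre-patch realloc for 64 entries really holds %zu entries\n",
	    grow_buggy_capacity(64));
	printf("hardened table stored %ld entries\n", fill_table(200));
	return (0);
}
```

The buggy sizing is computed rather than exercised: writing past the undersized block is undefined behaviour, and the point is visible from the arithmetic alone (for this struct, a request for 64 entries yields room for one).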



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301281001.r0SA1Sl2091719>