Date: Sat, 23 Mar 2013 08:48:45 +0000 (UTC)
From: Andriy Gapon <avg@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r248640 - head/sys/cddl/dev/fbt
Message-ID: <201303230848.r2N8mjmT055747@svn.freebsd.org>
Author: avg Date: Sat Mar 23 08:48:44 2013 New Revision: 248640 URL: http://svnweb.freebsd.org/changeset/base/248640 Log: fbt_typoff_init: fix an off by one in determining required memory size This issue would be silent most of the time, but if the requested memory is a multiple of a page size, then accessing one element beyond the end would lead to a kernel page fault. Otherwise, the unlucky last type would just be inaccessible. Reported by: glebius Tested by: glebius MFC after: 6 days Modified: head/sys/cddl/dev/fbt/fbt.c Modified: head/sys/cddl/dev/fbt/fbt.c ============================================================================== --- head/sys/cddl/dev/fbt/fbt.c Sat Mar 23 07:57:30 2013 (r248639) +++ head/sys/cddl/dev/fbt/fbt.c Sat Mar 23 08:48:44 2013 (r248640) @@ -777,6 +777,8 @@ fbt_typoff_init(linker_ctf_t *lc) pop[kind]++; } + /* account for a sentinel value below */ + ctf_typemax++; *lc->typlenp = ctf_typemax; if ((xp = malloc(sizeof(uint32_t) * ctf_typemax, M_LINKER, M_ZERO | M_WAITOK)) == NULL)
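Review bot: In the two added lines of the fbt_typoff_init hunk, `ctf_typemax++` changes the counter in place, so the following `*lc->typlenp = ctf_typemax;` now stores the number of types plus one sentinel slot, and the comment "account for a sentinel value below" does not say that the published length changes meaning. Either size only the allocation, for example `sizeof(uint32_t) * (ctf_typemax + 1)`, or extend the comment to state that typlenp deliberately includes the sentinel entry, so that any code that bounds-checks a type id against it does not accept the sentinel index as a real type. The comment would also be easier to verify if it named the index at which the sentinel is written, since "below" points outside the lines shown here.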