Date: Mon, 9 Nov 2009 14:26:23 +0000 (UTC) From: Nathan Whitehorn <nwhitehorn@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r199084 - head/sys/powerpc/aim Message-ID: <200911091426.nA9EQNnH023799@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: nwhitehorn Date: Mon Nov 9 14:26:23 2009 New Revision: 199084 URL: http://svn.freebsd.org/changeset/base/199084 Log: Increase the size of the OFW translations buffer to handle G5 systems that use many translation regions in firmware, and add bounds checking to prevent buffer overflows in case even the new value is exceeded. Reported by: Jacob Lambert MFC after: 3 days Modified: head/sys/powerpc/aim/mmu_oea64.c Modified: head/sys/powerpc/aim/mmu_oea64.c ============================================================================== --- head/sys/powerpc/aim/mmu_oea64.c Mon Nov 9 12:46:59 2009 (r199083) +++ head/sys/powerpc/aim/mmu_oea64.c Mon Nov 9 14:26:23 2009 (r199084) @@ -264,7 +264,7 @@ static struct mem_region *pregions; extern u_int phys_avail_count; extern int regions_sz, pregions_sz; extern int ofw_real_mode; -static struct ofw_map translations[64]; +static struct ofw_map translations[96]; extern struct pmap ofw_pmap; @@ -897,6 +897,9 @@ moea64_bridge_bootstrap(mmu_t mmup, vm_o panic("moea64_bootstrap: can't get mmu package"); if ((sz = OF_getproplen(mmu, "translations")) == -1) panic("moea64_bootstrap: can't get ofw translation count"); + if (size > sizeof(translations)) + panic("moea64_bootstrap: too many ofw translations (%d)", + sz/sizeof(*translations)); bzero(translations, sz); if (OF_getprop(mmu, "translations", translations, sz) == -1)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911091426.nA9EQNnH023799>