Date: Sat, 18 Apr 2015 12:54:39 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 199518] [patch] use uninitialized field td_sel of struct thread Message-ID: <bug-199518-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199518 Bug ID: 199518 Summary: [patch] use uninitialized field td_sel of struct thread Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: luke.tw@gmail.com Keywords: patch Created attachment 155694 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155694&action=edit patch for thread_init() When thread_alloc() allocates struct thread from thread_zone, the field td_sel is not initialized. Later in seltdinit(), if td_sel is not NULL, then this field will not allocate memory. While not easy to run into the bug in normal configuration, it is easy to panic when memguard deliberately overwrites the freed memory with 'M'. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-199518-8>