Date: Sat, 25 Sep 2021 15:36:59 GMT From: Mateusz Guzik <mjg@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 13c63ae08df4 - main - mmc: fix 1-byte reallocs (when it should have been sizeof device_t) Message-ID: <202109251536.18PFaxpu066086@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=13c63ae08df43d4e662b73ea3e05137fff88e639 commit 13c63ae08df43d4e662b73ea3e05137fff88e639 Author: Mateusz Guzik <mjg@FreeBSD.org> AuthorDate: 2021-09-25 12:49:43 +0000 Commit: Mateusz Guzik <mjg@FreeBSD.org> CommitDate: 2021-09-25 14:58:31 +0000 mmc: fix 1-byte reallocs (when it should have been sizeof device_t) Reported by KASAN: panic: ASan: Invalid access, 8-byte write at 0xfffffe00f0992610, RedZonePartial(1) panic() at panic+0xb5/frame 0xffffffff86a595b0 __asan_store8_noabort() at __asan_store8_noabort+0x376/frame 0xffffffff86a59670 mmc_go_discovery() at mmc_go_discovery+0x6c61/frame 0xffffffff86a5a790 mmc_delayed_attach() at mmc_delayed_attach+0x35/frame 0xffffffff86a5a7b0 [snip] Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/dev/mmc/mmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/mmc/mmc.c b/sys/dev/mmc/mmc.c index 74d0549ca491..071c238374df 100644 --- a/sys/dev/mmc/mmc.c +++ b/sys/dev/mmc/mmc.c @@ -1920,7 +1920,7 @@ child_common: if (child != NULL) { device_set_ivars(child, ivar); sc->child_list = realloc(sc->child_list, - sizeof(device_t) * sc->child_count + 1, + sizeof(device_t) * (sc->child_count + 1), M_DEVBUF, M_WAITOK); sc->child_list[sc->child_count++] = child; } else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202109251536.18PFaxpu066086>