Date: Mon, 11 Oct 2021 09:15:52 GMT From: Mateusz Guzik <mjg@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 7890bcbc152e - stable/13 - mmc: fix 1-byte reallocs (when it should have been sizeof device_t) Message-ID: <202110110915.19B9FqRK009554@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=7890bcbc152e2c9f2d0f99342b6e1cf4197c2a35 commit 7890bcbc152e2c9f2d0f99342b6e1cf4197c2a35 Author: Mateusz Guzik <mjg@FreeBSD.org> AuthorDate: 2021-09-25 12:49:43 +0000 Commit: Mateusz Guzik <mjg@FreeBSD.org> CommitDate: 2021-10-11 09:12:55 +0000 mmc: fix 1-byte reallocs (when it should have been sizeof device_t) Reported by KASAN: panic: ASan: Invalid access, 8-byte write at 0xfffffe00f0992610, RedZonePartial(1) panic() at panic+0xb5/frame 0xffffffff86a595b0 __asan_store8_noabort() at __asan_store8_noabort+0x376/frame 0xffffffff86a59670 mmc_go_discovery() at mmc_go_discovery+0x6c61/frame 0xffffffff86a5a790 mmc_delayed_attach() at mmc_delayed_attach+0x35/frame 0xffffffff86a5a7b0 [snip] Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 13c63ae08df43d4e662b73ea3e05137fff88e639) --- sys/dev/mmc/mmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/mmc/mmc.c b/sys/dev/mmc/mmc.c index 47df562e73fd..6e1d55639284 100644 --- a/sys/dev/mmc/mmc.c +++ b/sys/dev/mmc/mmc.c @@ -1926,7 +1926,7 @@ child_common: if (child != NULL) { device_set_ivars(child, ivar); sc->child_list = realloc(sc->child_list, - sizeof(device_t) * sc->child_count + 1, + sizeof(device_t) * (sc->child_count + 1), M_DEVBUF, M_WAITOK); sc->child_list[sc->child_count++] = child; } else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202110110915.19B9FqRK009554>