Date: Wed, 26 Sep 2001 23:00:02 -0700 (PDT) From: Bruce Evans <bde@zeta.org.au> To: freebsd-bugs@FreeBSD.org Subject: Re: misc/30857: intr_machdep.c allows access out of array bound Message-ID: <200109270600.f8R602K26490@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/30857; it has been noted by GNATS. From: Bruce Evans <bde@zeta.org.au> To: David Xu <davidx@viasoft.com.cn> Cc: <freebsd-gnats-submit@FreeBSD.ORG> Subject: Re: misc/30857: intr_machdep.c allows access out of array bound Date: Thu, 27 Sep 2001 15:55:24 +1000 (EST) On Wed, 26 Sep 2001, David Xu wrote: > >Description: > in source file /sys/i386/isa/intr_machdep.c, function icu_setup > does not detect array bound correctly, allow access out of bound data. > >How-To-Repeat: > > >Fix: > patch is here: > --- intr_machdep.c.orig Thu Sep 27 09:03:29 2001 > +++ intr_machdep.c Thu Sep 27 09:04:11 2001 > @@ -433,6 +433,7 @@ > #else > if ((u_int)intr >= ICU_LEN || intr == ICU_SLAVEID) > #endif /* APIC_IO */ > + return (EINVAL); These bytes rotted away when register_intr() was mutated to icu_setup() in rev.1.85 if sys/i386/isa/isa.c. > if (intr_handler[intr] != isa_strayintr) > return (EBUSY); Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109270600.f8R602K26490>