Date: Thu, 18 Aug 2016 09:34:02 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 211960] [PATCH] Page fault panic under settimeofday when tv_sec / SECDAY overflows signed 32 bit int Message-ID: <bug-211960-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211960 Bug ID: 211960 Summary: [PATCH] Page fault panic under settimeofday when tv_sec / SECDAY overflows signed 32 bit int Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Many People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: justin.mcomie@gmail.com Keywords: patch Created attachment 173816 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D173816&action= =3Dedit Patch with variable type changes. Repro on FreeBSD-12.0-CURRENT-amd64-20160809-r303880: Set the date to a value exceeding the number of seconds in a day multipli= ed by the capacity of a signed a 32 bit integer. Does not panic: date -f "%s" `bc -l -e '24*60*60 * 2^31 -1' -e quit` Panics: date -f "%s" `bc -l -e '24*60*60 * 2^31' -e quit` Stack backtrace: #0 0xffffffff80aa8cd0 at witness_debugger+0x70 #1 0xffffffff80aa9fb7 at witness_warn+0x3d7 #2 0xffffffff80ebc427 at trap_pfault+0x57 #3 0xffffffff80ebbab4 at trap+0x284 #4 0xffffffff80e9c941 at calltrap+0x8 #5 0xffffffff810030dc at atrtc_settime+0xc #6 0xffffffff80a934a8 at resettodr+0xd8 #7 0xffffffff80a5d5f4 at settime+0x154 #8 0xffffffff80a5daa0 at sys_settimeofday+0x90 #9 0xffffffff80ebcb7b at amd64_syscall+0x2db #10 0xffffffff80e9cc2b at Xfast_syscall+0xfb For a fix I change container variable types from int to time_t in clock_ts_to_ct. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211960-8>