Date:      Wed, 10 Sep 2025 14:22:11 GMT
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: f48b1a34ef85 - main - Fix possible out of bounds read in armv8_crc32c
Message-ID:  <202509101422.58AEMBLi075852@gitrepo.freebsd.org>

The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=f48b1a34ef859ca17de0cc9149cc22e07364ef85

commit f48b1a34ef859ca17de0cc9149cc22e07364ef85
Author:     Zhongqi Zhao <zz479@cam.ac.uk>
AuthorDate: 2025-09-10 14:21:38 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2025-09-10 14:21:38 +0000

    Fix possible out of bounds read in armv8_crc32c
    
    Reviewed by:    andrew
    Obtained from:  CheriBSD
    Differential Revision:  https://reviews.freebsd.org/D52401
---
 sys/libkern/arm64/crc32c_armv8.S | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/libkern/arm64/crc32c_armv8.S b/sys/libkern/arm64/crc32c_armv8.S
index 649afff4b711..430b24f7615a 100644
--- a/sys/libkern/arm64/crc32c_armv8.S
+++ b/sys/libkern/arm64/crc32c_armv8.S
@@ -39,14 +39,14 @@ ENTRY(armv8_crc32c)
 	cbz	w2, end
 	tbz	x1, #0x0, half_word_aligned
 	sub	w2, w2, 0x1
-	ldr	w10, [x1], #0x1
+	ldrb	w10, [x1], #0x1
 	crc32cb	w0, w0, w10
 half_word_aligned:
 	cmp	w2, #0x2
 	b.lo	last_byte
 	tbz	x1, #0x1, word_aligned
 	sub	w2, w2, 0x2
-	ldr	w10, [x1], #0x2
+	ldrh	w10, [x1], #0x2
 	crc32ch	w0, w0, w10
 word_aligned:
 	cmp	w2, #0x4
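Review bot: Nothing in the file records the rule this fix restores, namely that each load must be exactly as wide as the crc32c instruction that consumes it; this applies at the head loads `ldrb w10, [x1], #0x1` and `ldrh w10, [x1], #0x2`. Because crc32cb and crc32ch use only the low 8 and 16 bits of w10, the old `ldr w10` produced the same checksum while reading up to three bytes beyond the data being consumed, so the mistake is invisible in the output and easy to reintroduce. I would add a comment above the first load such as `/* Load width must equal the crc32c{b,h,w,x} operand width; a wider load reads outside [buf, buf + len). */`. The same comment covers the tail loads under last_half_word and last_byte in the second hunk. The function body continues past the end of this hunk.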
@@ -69,11 +69,11 @@ last_word:
 	crc32cw	w0, w0, w10
 last_half_word:
 	tbz	w2, #0x1, last_byte
-	ldr	w10, [x1], #0x2
+	ldrh	w10, [x1], #0x2
 	crc32ch	w0, w0, w10
 last_byte:
 	tbz	w2, #0x0, end 
-	ldr	w10, [x1], #0x1
+	ldrb	w10, [x1], #0x1
 	crc32cb	w0, w0, w10
 end:
 	ret
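Review bot: No regression test for the over-read is visible in this commit (the diffstat lists only crc32c_armv8.S), and the tail loads under last_half_word and last_byte are where it matters most. With one byte of input left, the old `ldr w10` at last_byte read four bytes, so a buffer ending on the last byte of a mapped page reached into the following page; whether that faults depends on what is mapped there. Since crc32cb ignores the upper bits, the checksum was still correct, and a test that only compares output would not have caught it. A test that places the input flush against an unmapped or guard page, for lengths 1 to 7 and each start alignment, would catch a reintroduction. Minor: the post-index writeback on the final `ldrb w10, [x1], #0x1` is dead because x1 is not read again before `ret`, so `ldrb w10, [x1]` would do.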


