Date:      Wed, 19 Feb 2025 14:14:23 GMT
From:      Olivier Certner <olce@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 291b7bf071e8 - main - vm_phys_avail_count(): Fix out-of-bounds accesses
Message-ID:  <202502191414.51JEENNH038156@gitrepo.freebsd.org>

The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=291b7bf071e8b50f2b7877213b2d3307ae5d3e38

commit 291b7bf071e8b50f2b7877213b2d3307ae5d3e38
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-10-28 16:22:28 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-02-19 14:13:27 +0000

    vm_phys_avail_count(): Fix out-of-bounds accesses
    
    On improper termination of phys_avail[] (two consecutive 0 starting at
    an even index), this function would (unnecessarily) continue searching
    for the termination markers even if the index was out of bounds.
    
    Reviewed by:    markj
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D48629
---
 sys/vm/vm_phys.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/sys/vm/vm_phys.c b/sys/vm/vm_phys.c
index 3b3b3cb16bb9..e2b5a6e21365 100644
--- a/sys/vm/vm_phys.c
+++ b/sys/vm/vm_phys.c
@@ -1782,12 +1782,10 @@ vm_phys_avail_count(void)
 {
 	int i;
 
-	for (i = 0; phys_avail[i + 1]; i += 2)
-		continue;
-	if (i > PHYS_AVAIL_ENTRIES)
-		panic("Improperly terminated phys_avail %d entries", i);
-
-	return (i);
+	for (i = 0; i < PHYS_AVAIL_COUNT; i += 2)
+		if (phys_avail[i] == 0 && phys_avail[i + 1] == 0)
+			return (i);
+	panic("Improperly terminated phys_avail[]");
 }
 
 /*
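
Review bot: The new loop in vm_phys_avail_count() still reads phys_avail[i + 1] with only i < PHYS_AVAIL_COUNT checked, so it stays in bounds only if PHYS_AVAIL_COUNT is even and no larger than the number of elements in phys_avail[]; neither is visible in this hunk, so a compile-time assertion or a short comment next to the loop stating that invariant would make the fix self-evidently complete. Two behaviour changes are also worth a sentence in the function comment: termination now requires both phys_avail[i] and phys_avail[i + 1] to be 0, where the old loop stopped on phys_avail[i + 1] alone, so a pair with a non-zero start and a zero end is now counted instead of ending the scan; and the limit moved from PHYS_AVAIL_ENTRIES to PHYS_AVAIL_COUNT, so callers that size buffers from the return value should be checked against the new maximum. The panic string no longer carries any diagnostic value, which is reasonable now that no meaningful index exists at that point.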


