upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

fbt_typoff_init: fix an off by one in determining required memory size

Browse source 
This issue would be silent most of the time, but if the requested memory
is a multiple of a page size, then accessing one element beyond the end
would lead to a kernel page fault.
Otherwise, the unlucky last type would just be inaccessible.

Reported by:	glebius
Tested by:	glebius
MFC after:	6 days
This commit is contained in:
Andriy Gapon 2013-03-23 08:48:44 +00:00
parent 25bcd53216
commit a47016e9a9
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/cddl/dev/fbt/fbt.c
View file

@ -777,6 +777,8 @@ fbt_typoff_init(linker_ctf_t *lc)
pop[kind]++;
}
/* account for a sentinel value below */
ctf_typemax++;
*lc->typlenp = ctf_typemax;
if ((xp = malloc(sizeof(uint32_t) * ctf_typemax, M_LINKER, M_ZERO | M_WAITOK)) == NULL)