Author: avg
Date: Sat Mar 23 08:48:44 2013
New Revision: 248640
URL: http://svnweb.freebsd.org/changeset/base/248640
Log:
fbt_typoff_init: fix an off by one in determining required memory size
This issue would be silent most of the time, but if the requested memory
is a multiple of a page size, then accessing one element beyond the end
would lead to a kernel page fault.
Otherwise, the unlucky last type would just be inaccessible.
Reported by: glebius
Tested by: glebius
MFC after: 6 days
Modified:
head/sys/cddl/dev/fbt/fbt.c
Modified: head/sys/cddl/dev/fbt/fbt.c
==============================================================================
--- head/sys/cddl/dev/fbt/fbt.c Sat Mar 23 07:57:30 2013 (r248639)
+++ head/sys/cddl/dev/fbt/fbt.c Sat Mar 23 08:48:44 2013 (r248640)
@@ -777,6 +777,8 @@ fbt_typoff_init(linker_ctf_t *lc)
pop[kind]++;
}
+ /* account for a sentinel value below */
+ ctf_typemax++;
*lc->typlenp = ctf_typemax;
if ((xp = malloc(sizeof(uint32_t) * ctf_typemax, M_LINKER, M_ZERO |
M_WAITOK)) == NULL)
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
