Page MenuHomeFreeBSD

Fix an out-of-bounds write when a zero-length buffer is passed.
ClosedPublic

Authored by brooks on Apr 12 2017, 10:57 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Dec 18, 3:55 AM
Unknown Object (File)
Nov 12 2024, 2:05 AM
Unknown Object (File)
Nov 4 2024, 10:32 PM
Unknown Object (File)
Sep 26 2024, 4:26 AM
Unknown Object (File)
Sep 24 2024, 8:45 AM
Unknown Object (File)
Sep 17 2024, 3:43 PM
Unknown Object (File)
Sep 17 2024, 4:06 AM
Unknown Object (File)
Sep 12 2024, 4:18 PM
Subscribers
None

Details

Summary

Found with ttyname_test and CHERI bounds checking.

Sponsored by: DARPA, AFRL
Obtained from: CheriBSD

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 8705
Build 9040: arc lint + arc unit

Event Timeline

I also wonder if we should perform a NULL pointer check, but POSIX doesn't explicitly allow EINVAL.

This revision is now accepted and ready to land.Apr 12 2017, 11:10 PM

I also wonder if we should perform a NULL pointer check, but POSIX doesn't explicitly allow EINVAL.

Bruce would argue that a SIGSEGV is a valid NULL pointer check. That is the failure case for many other APIs in userland (e.g. strlen() and strcpy()).

This revision was automatically updated to reflect the committed changes.