Differential D19220

Still a memory corruption bug in vdev_read in loader ZFS support
ClosedPublic
Actions

Authored by pkelsey on Feb 17 2019, 4:16 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Wed, Nov 20, 2:43 PM

	Unknown Object (File)
	Mon, Oct 28, 10:05 PM

	Unknown Object (File)
	Sep 16 2024, 7:52 PM

	Unknown Object (File)
	Sep 12 2024, 3:54 PM

	Unknown Object (File)
	Aug 24 2024, 7:00 AM

	Unknown Object (File)
	Aug 22 2024, 10:37 AM

	Unknown Object (File)
	Aug 13 2024, 7:35 PM

	Unknown Object (File)
	Aug 11 2024, 9:28 PM

View All 55 Files

Subscribers

delphij

Details

Reviewers

allanjude
imp
tsoome

Commits

rS344234: It turns out r344226 narrowed the overrun bug but did not eliminate it entirely

Summary

D19140 didn't quite expunge the memory corruption bug in vdev_read() in zfs.c. In that fix, the single-sector case with non-zero tail would overrun the output buffer by the tail size.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

pkelsey created this revision.Feb 17 2019, 4:16 AM

Herald added a subscriber: delphij. · View Herald TranscriptFeb 17 2019, 4:16 AM

tsoome accepted this revision.Feb 17 2019, 7:02 AM

This revision is now accepted and ready to land.Feb 17 2019, 7:02 AM

pkelsey retitled this revision from Still a memory corruption bug in vdev_readin loader ZFS support to Still a memory corruption bug in vdev_read in loader ZFS support.Feb 17 2019, 4:27 PM

allanjude accepted this revision.Feb 17 2019, 5:32 PM

Closed by commit rS344234: It turns out r344226 narrowed the overrun bug but did not eliminate it entirely (authored by pkelsey). · Explain WhyFeb 17 2019, 5:47 PM

This revision was automatically updated to reflect the committed changes.