Userspace may pass a negative ps_len value to us, which causes an
assertion failure in malloc().
Treat negative values as zero, i.e. return the required size.
Reported-by: syzbot+53370d9d0358ee2a059a@syzkaller.appspotmail.com
Details
Details
- Reviewers
donner - Group Reviewers
network - Commits
- rS360042: pf: Do not allow negative ps_len in DIOCGETSTATES
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Not Applicable - Unit
Tests Not Applicable