Page MenuHomeFreeBSD

Pass the right size to memcpy() when copying the array of FP registers.
ClosedPublic

Authored by jhb on Jul 23 2020, 8:16 PM.

Details

Summary

The size of the containint structure was passed instead of the size of
the array. This happened to be harmless as the extra word copied is
one we copy in the next line anyway.

Obtained from: CheriBSD

Test Plan
  • using CHERI in the kernel on RISC-V found this buffer overflow since the pointer passed to memcpy had bounds on the array, not the containing structure

Diff Detail

Repository
rS FreeBSD src repository
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 32517
Build 29989: arc lint + arc unit