Page MenuHomeFreeBSD
Differential D25791

Pass the right size to memcpy() when copying the array of FP registers.
ClosedPublic
Actions

Authored by jhb on Jul 23 2020, 8:16 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 22 2024, 6:11 PM
Unknown Object (File)
Oct 3 2024, 10:54 AM
Unknown Object (File)
Oct 3 2024, 8:42 AM
Unknown Object (File)
Oct 1 2024, 2:18 PM
Unknown Object (File)
Sep 28 2024, 2:08 PM
Unknown Object (File)
Sep 27 2024, 5:24 PM
Unknown Object (File)
Sep 27 2024, 7:18 AM
Unknown Object (File)
Sep 21 2024, 4:47 PM
View All 31 Files
Subscribers
imp

Details

Reviewers
brooks
br
mhorne
imp
Commits
rS363459: Pass the right size to memcpy() when copying the array of FP registers.
Summary

The size of the containint structure was passed instead of the size of
the array. This happened to be harmless as the extra word copied is
one we copy in the next line anyway.

Obtained from: CheriBSD

Test Plan
  • using CHERI in the kernel on RISC-V found this buffer overflow since the pointer passed to memcpy had bounds on the array, not the containing structure

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 32517
Build 29989: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
riscv/
riscv/
4 lines

Diff 74855

View Options

sys/riscv/riscv/machdep.c

Loading...