Differential D3713

Fix ndiscvt crash on some .inf files
ClosedPublic
Actions

Authored by AMDmi3 on Sep 22 2015, 4:32 PM.

Details

Reviewers

bapt

Commits

rS288120: Fix crash on parsing some inf files

Summary

ndiscvt uses fixed 16 entry array for `words' into which it parses comma-separated lists of strings, as in

[BLAH]
    AddReg = foo.reg, bar.reg, baz.reg, quiz.reg

Here it'll parse 4 words.

Overflow of this array is not checked, which leads to segfault on parsing specific .inf files (I've got a crash report on some broadcom driver which has a line with 17 words)

So,

Extend the array up to 32 entries
Add overflow check

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

AMDmi3 updated this revision to Diff 8888.Sep 22 2015, 4:32 PM

AMDmi3 retitled this revision from to Fix ndiscvt crash on some .inf files.

AMDmi3 updated this object.

AMDmi3 edited the test plan for this revision. (Show Details)

AMDmi3 added a reviewer: bapt.

Herald added a subscriber: imp. · View Herald TranscriptSep 22 2015, 4:32 PM

bapt accepted this revision.Sep 22 2015, 4:39 PM

bapt edited edge metadata.

bapt added inline comments.

usr.sbin/ndiscvt/inf.c
890 ↗	(On Diff #8888)	Please add a space before that line (aka before the if)

This revision is now accepted and ready to land.Sep 22 2015, 4:39 PM

Closed by commit rS288120: Fix crash on parsing some inf files (authored by AMDmi3). · Explain WhySep 22 2015, 5:00 PM

This revision was automatically updated to reflect the committed changes.

AMDmi3 mentioned this in rS288120: Fix crash on parsing some inf files.

Revision Contents
Changeset List

Path

Size

head/

usr.sbin/

ndiscvt/

inf.h

2 lines

inf.c

6 lines

Diff 8891

View Options

head/usr.sbin/ndiscvt/inf.h