Page MenuHomeFreeBSD
Differential D4811

DIOCGSECTORSIZE expects to write to a u_int, but the struct zfs_probe_args member secsz is uint16_t
ClosedPublic
Actions

Authored by allanjude on Jan 7 2016, 1:45 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jun 27, 12:34 AM
Unknown Object (File)
Wed, Jun 26, 10:38 PM
Unknown Object (File)
Wed, Jun 26, 10:38 PM
Unknown Object (File)
Mon, Jun 24, 11:23 PM
Unknown Object (File)
Mon, Jun 24, 8:09 PM
Unknown Object (File)
Sat, Jun 22, 4:54 AM
Unknown Object (File)
Sat, Jun 22, 3:49 AM
Unknown Object (File)
Thu, Jun 20, 12:41 PM
View All 45 Files
Subscribers
imp
tsoome

Details

Reviewers
will
avg
gibbs
delphij
asomers
smh
Commits
rS293661: DIOCGSECTORSIZE expects to write to a u_int, but struct zfs_probe_args
Summary

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204358
Submitted by Toomas Soome

sys/boot/zfs/zfs.c has probe args structure including uint16_t secsz variable for media sector size; its used as an argument for ioctl() at line 484

however, this ioctl is expecting 32bit data (u_int *) and therefore this ioctl will overwrite and corrupt 16bits of memory.
other use cases seem to use correct u_int type for secsz.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

allanjude updated this revision to Diff 11982.Jan 7 2016, 1:45 AM
allanjude retitled this revision from to DIOCGSECTORSIZE expects to write to a u_int, but the struct zfs_probe_args member secsz is uint16_t.
allanjude updated this object.
allanjude edited the test plan for this revision. (Show Details)
allanjude added reviewers: smh, delphij, asomers, avg, gibbs, will.
Herald added a subscriber: imp. · View Herald TranscriptJan 7 2016, 1:45 AM
asomers accepted this revision.Jan 9 2016, 12:09 AM
asomers edited edge metadata.

LGTM from inspection. If you'd like, I can test it on Monday.

This revision is now accepted and ready to land.Jan 9 2016, 12:09 AM
delphij edited edge metadata.Jan 9 2016, 7:28 AM
delphij added a subscriber: tsoome.
delphij accepted this revision.Jan 9 2016, 7:36 AM
delphij edited edge metadata.

This change is reasonable.

smh accepted this revision.Jan 11 2016, 10:48 AM
smh edited edge metadata.
Closed by commit rS293661: DIOCGSECTORSIZE expects to write to a u_int, but struct zfs_probe_args (authored by allanjude). · Explain WhyJan 11 2016, 3:35 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
boot/
zfs/
2 lines

Diff 12119

View Options

head/sys/boot/zfs/zfs.c

Loading...