Page MenuHomeFreeBSD
Differential D5132

Handle security concerns in sys/dev about out of bound and initilized stack vars
ClosedPublic
Actions

Authored by mmokhi on Jan 30 2016, 2:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jan 7, 9:51 AM
Unknown Object (File)
Wed, Dec 25, 2:40 PM
Unknown Object (File)
Dec 8 2024, 6:22 AM
Unknown Object (File)
Dec 4 2024, 1:04 AM
Unknown Object (File)
Nov 29 2024, 11:13 AM
Unknown Object (File)
Nov 27 2024, 8:49 PM
Unknown Object (File)
Nov 24 2024, 1:15 AM
Unknown Object (File)
Oct 30 2024, 6:57 AM
View All Files
Subscribers
cem
emaste
imp
mmokhi
ngie
Contributor Reviews (src)

Details

Reviewers
allanjude
Summary

Use of initialised stack variables in tdfx_query_update

	 and handle Out of bounds negative array index in iicrdwr

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 2376
Build 2392: arc lint + arc unit

Event Timeline

mmokhi updated this revision to Diff 12867.Jan 30 2016, 2:21 PM
mmokhi retitled this revision from to Handle security concerns in sys/dev about out of bound and initilized stack vars.
mmokhi updated this object.
mmokhi edited the test plan for this revision. (Show Details)
mmokhi added a subscriber: mmokhi.
Herald added subscribers: Contributor Reviews (src), imp. ยท View Herald TranscriptJan 30 2016, 2:21 PM
mmokhi added a subscriber: cem.Jan 30 2016, 2:25 PM
mmokhi added a comment.Jan 30 2016, 4:17 PM

related Bugzilla issues:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206755
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206754

ngie added a subscriber: ngie.Jan 30 2016, 5:24 PM
ngie added inline comments.
sys/dev/tdfx/tdfx_pci.c
710โ€“712
  • You addressed the copyin piece, but the copyout piece could fail as well.
  • Please use copy{in,out} != 0 instead of testing for boolean true/false.
ngie added inline comments.Jan 30 2016, 6:27 PM
sys/dev/iicbus/iic.c
296โ€“298

This is ok. I'll commit this to head.

ngie added a reviewer: ngie.Jan 30 2016, 6:27 PM
ngie removed a subscriber: ngie.
mmokhi updated this revision to Diff 12981.Feb 3 2016, 6:45 PM

Updating D5132: Handle security concerns in sys/dev about out of bound and initilized stack vars

Using $cond != 0 instead of testing for boolean true/false.

mmokhi marked 2 inline comments as done.Feb 3 2016, 6:47 PM

Sorry for delay in doing "$cond != 0"
I didn't see your comments in my mail_box.
BTW, Done as you told :)

Thanks.

emaste added a subscriber: emaste.Oct 7 2016, 2:58 PM
ngie removed a reviewer: ngie.Mar 8 2017, 7:03 AM

Resigning as reviewer because this is not my area of expertise and I lack the hardware to test out the change, i.e., I'm not a relevant reviewer.

mmokhi added a subscriber: ngie.Mar 8 2017, 8:43 AM

@ngie It's committed by another committer AFAIK,
How can we close this review?

allanjude accepted this revision.Jul 8 2017, 10:03 AM
This revision is now accepted and ready to land.Jul 8 2017, 10:03 AM
allanjude closed this revision.Jul 8 2017, 10:04 AM

Committed as rS295080

Revision Contents
Changeset List

PathSize
sys/
dev/
iicbus/
3 lines
tdfx/
3 lines

Diff 12981

View Options

sys/dev/iicbus/iic.c

Loading...
View Options

sys/dev/tdfx/tdfx_pci.c

Loading...