Fix heap overflow in bhnd(4) SPROM parsing.
ClosedPublic
Actions

Authored by landonf on Jul 9 2016, 10:43 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Thu, May 23, 11:57 AM

	Unknown Object (File)
	Mar 23 2024, 1:26 AM

	Unknown Object (File)
	Jan 23 2024, 3:10 AM

	Unknown Object (File)
	Jan 4 2024, 2:17 AM

	Unknown Object (File)
	Jan 4 2024, 1:44 AM

	Unknown Object (File)
	Dec 22 2023, 8:43 PM

	Unknown Object (File)
	Sep 20 2023, 1:58 PM

	Unknown Object (File)
	Aug 17 2023, 11:33 PM

View All 30 Files

Subscribers

imp

Details

Reviewers

adrian

Commits

rS302509: Fix heap overflow in bhnd(4) SPROM parsing.

Summary

The bus_region_* APIs accept the number of data items to be
read, while the code was passing the total number of bytes,
resulting in an overflow of the SPROM parser's shadow buffer.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 4468
Build 4519: arc lint + arc unit

Event Timeline

landonf updated this revision to Diff 18243.Jul 9 2016, 10:43 PM

landonf retitled this revision from to Fix heap overflow in bhnd(4) SPROM parsing..

landonf updated this object.

landonf edited the test plan for this revision. (Show Details)

landonf added a reviewer: adrian.

Herald added a subscriber: imp. · View Herald TranscriptJul 9 2016, 10:43 PM

approved!

This revision is now accepted and ready to land.Jul 9 2016, 11:02 PM

Closed by commit rS302509: Fix heap overflow in bhnd(4) SPROM parsing. (authored by landonf). · Explain WhyJul 10 2016, 12:08 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

sys/

dev/

bhnd/

nvram/

bhnd_sprom_subr.c

3 lines

Diff 18243

View Options

sys/dev/bhnd/nvram/bhnd_sprom_subr.c

Fix heap overflow in bhnd(4) SPROM parsing.ClosedPublicActions