Page MenuHomeFreeBSD
Differential D8162

savecore(8): Fix buffer overrun inspecting disks with varying sector size
ClosedPublic
Actions

Authored by cem on Oct 6 2016, 2:52 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jun 25, 5:01 PM
Unknown Object (File)
Sat, Jun 22, 3:53 AM
Unknown Object (File)
Wed, Jun 19, 7:31 PM
Unknown Object (File)
May 1 2024, 4:08 PM
Unknown Object (File)
Apr 20 2024, 11:55 AM
Unknown Object (File)
Mar 22 2024, 10:12 PM
Unknown Object (File)
Mar 22 2024, 10:12 PM
Unknown Object (File)
Mar 22 2024, 10:12 PM
View All 57 Files
Subscribers
None

Details

Reviewers
emaste
markj
ambrisko
rpokala
Commits
rS306752: savecore(8): Fix buffer overrun inspecting disks with varying sector size
Summary

A premature optimization lead to caching a native-sector sized memory
allocation. If the program examined a 512 byte sector disk, then a 4096
byte sector disk, the program would overrun the cached 512 byte buffer.

Just remove the optimization to fix the bug.

Noticed by: markj

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

cem updated this revision to Diff 21098.Oct 6 2016, 2:52 AM
cem retitled this revision from to savecore(8): Fix buffer overrun inspecting disks with varying sector size.
cem updated this object.
cem edited the test plan for this revision. (Show Details)
cem added reviewers: markj, rpokala, ambrisko, emaste.
rpokala edited edge metadata.Oct 6 2016, 3:18 AM

'temp' is the buffer you read the header into, and also what you use to write the "cleared" header. So what's 'buf'?

cem added a comment.Oct 6 2016, 3:54 AM
In D8162#169285, @rpokala wrote:

'temp' is the buffer you read the header into, and also what you use to write the "cleared" header. So what's 'buf'?

temp is used for kernel dump metadata and is only a single sector large. buf is used for streaming dump data off the disk, and is 1MB.

markj accepted this revision.Oct 6 2016, 3:56 AM
markj edited edge metadata.

Thanks!

This revision is now accepted and ready to land.Oct 6 2016, 3:56 AM
rpokala accepted this revision.Oct 6 2016, 4:54 AM
rpokala edited edge metadata.
Closed by commit rS306752: savecore(8): Fix buffer overrun inspecting disks with varying sector size (authored by cem). · Explain WhyOct 6 2016, 5:17 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sbin/
savecore/
13 lines

Diff 21100

View Options

head/sbin/savecore/savecore.c

Loading...