Page MenuHomeFreeBSD
Differential D4811

DIOCGSECTORSIZE expects to write to a u_int, but the struct zfs_probe_args member secsz is uint16_t
ClosedPublic
Actions

Authored by allanjude on Jan 7 2016, 1:45 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Dec 4, 5:05 PM
Unknown Object (File)
Nov 24 2024, 10:13 AM
Unknown Object (File)
Nov 13 2024, 10:29 AM
Unknown Object (File)
Nov 3 2024, 5:36 PM
Unknown Object (File)
Oct 23 2024, 1:41 AM
Unknown Object (File)
Oct 23 2024, 1:41 AM
Unknown Object (File)
Oct 23 2024, 1:41 AM
Unknown Object (File)
Oct 23 2024, 1:21 AM
View All 68 Files
Subscribers
imp
tsoome

Details

Reviewers
will
avg
gibbs
delphij
asomers
smh
Commits
rS293661: DIOCGSECTORSIZE expects to write to a u_int, but struct zfs_probe_args
Summary

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204358
Submitted by Toomas Soome

sys/boot/zfs/zfs.c has probe args structure including uint16_t secsz variable for media sector size; its used as an argument for ioctl() at line 484

however, this ioctl is expecting 32bit data (u_int *) and therefore this ioctl will overwrite and corrupt 16bits of memory.
other use cases seem to use correct u_int type for secsz.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 1977
Build 1985: arc lint + arc unit

Event Timeline

allanjude updated this revision to Diff 11982.Jan 7 2016, 1:45 AM
allanjude retitled this revision from to DIOCGSECTORSIZE expects to write to a u_int, but the struct zfs_probe_args member secsz is uint16_t.
allanjude updated this object.
allanjude edited the test plan for this revision. (Show Details)
allanjude added reviewers: smh, delphij, asomers, avg, gibbs, will.
Herald added a subscriber: imp. · View Herald TranscriptJan 7 2016, 1:45 AM
asomers accepted this revision.Jan 9 2016, 12:09 AM
asomers edited edge metadata.

LGTM from inspection. If you'd like, I can test it on Monday.

This revision is now accepted and ready to land.Jan 9 2016, 12:09 AM
delphij edited edge metadata.Jan 9 2016, 7:28 AM
delphij added a subscriber: tsoome.
delphij accepted this revision.Jan 9 2016, 7:36 AM
delphij edited edge metadata.

This change is reasonable.

smh accepted this revision.Jan 11 2016, 10:48 AM
smh edited edge metadata.
Closed by commit rS293661: DIOCGSECTORSIZE expects to write to a u_int, but struct zfs_probe_args (authored by allanjude). · Explain WhyJan 11 2016, 3:35 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
sys/
boot/
zfs/
2 lines

Diff 11982

View Options

sys/boot/zfs/zfs.c

Loading...