git: 16de2cf81f75 - stable/15 - kernel dump: dumpsys_gen_pa_next(): Fix "no more chunks" condition detection
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 05 Mar 2026 14:44:11 UTC
The branch stable/15 has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=16de2cf81f75a7e7752a738e83a42b63d53b75c3
commit 16de2cf81f75a7e7752a738e83a42b63d53b75c3
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2026-02-04 13:04:20 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2026-03-05 14:43:24 +0000
kernel dump: dumpsys_gen_pa_next(): Fix "no more chunks" condition detection
In the (improbable) cases where either:
- All entries in dump_map[] are used, so there is no guard entry filled with zeros.
- Some dump region has size 0.
We would respectively access dump_map[] out-of-bounds or omit further
dump regions when iterating.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 7e5f4bb3a1c999d1893528faa75559f37365de47)
---
sys/kern/kern_dump.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/kern/kern_dump.c b/sys/kern/kern_dump.c
index 67c5844013be..f1354157abf1 100644
--- a/sys/kern/kern_dump.c
+++ b/sys/kern/kern_dump.c
@@ -82,7 +82,8 @@ dumpsys_gen_pa_next(struct dump_pa *mdp)
return (&dump_map[0]);
mdp++;
- if (mdp->pa_size == 0)
+ if (mdp - dump_map >= nitems(dump_map) ||
+ (mdp->pa_start == 0 && mdp->pa_size == 0))
mdp = NULL;
return (mdp);
}