git: 90c11896412d - stable/15 - netlink: Avoid undefined behaviour
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 09 Jun 2026 14:09:39 UTC
The branch stable/15 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=90c11896412d59c8624c4d05b2f339685fbfd586
commit 90c11896412d59c8624c4d05b2f339685fbfd586
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2026-05-22 00:50:00 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2026-06-09 13:40:28 +0000
netlink: Avoid undefined behaviour
Even though it is not dereferenced, it is UB to take the address of an
out of bounds array element.
Reviewed by: pouria, bz, des, adrian
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57158
(cherry picked from commit 1a4ad649cb135501f0bee56a4214e8c904ca402e)
---
sys/netlink/netlink_generic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/netlink/netlink_generic.c b/sys/netlink/netlink_generic.c
index fb74860e42b3..c2f82eed5656 100644
--- a/sys/netlink/netlink_generic.c
+++ b/sys/netlink/netlink_generic.c
@@ -127,13 +127,13 @@ genl_handle_message(struct nlmsghdr *hdr, struct nl_pstate *npt)
}
family_id = hdr->nlmsg_type - GENL_MIN_ID;
- gf = &families[family_id];
if (__predict_false(family_id >= MAX_FAMILIES ||
- gf->family_name == NULL)) {
+ families[family_id].family_name == NULL)) {
NLP_LOG(LOG_DEBUG, nlp, "invalid message type: %d",
hdr->nlmsg_type);
return (ENOTSUP);
}
+ gf = &families[family_id];
struct genlmsghdr *ghdr = (struct genlmsghdr *)(hdr + 1);