git: 7e5f4bb3a1c9 - main - kernel dump: dumpsys_gen_pa_next(): Fix "no more chunks" condition detection
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 10 Feb 2026 16:55:12 UTC
The branch main has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=7e5f4bb3a1c999d1893528faa75559f37365de47
commit 7e5f4bb3a1c999d1893528faa75559f37365de47
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2026-02-04 13:04:20 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2026-02-10 16:50:27 +0000
kernel dump: dumpsys_gen_pa_next(): Fix "no more chunks" condition detection
In the (improbable) cases where either:
- All entries in dump_map[] are used, so there is no guard entry filled with zeros.
- Some dump region has size 0.
We would respectively access dump_map[] out-of-bounds or omit further
dump regions when iterating.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
---
sys/kern/kern_dump.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/kern/kern_dump.c b/sys/kern/kern_dump.c
index 67c5844013be..f1354157abf1 100644
--- a/sys/kern/kern_dump.c
+++ b/sys/kern/kern_dump.c
@@ -82,7 +82,8 @@ dumpsys_gen_pa_next(struct dump_pa *mdp)
return (&dump_map[0]);
mdp++;
- if (mdp->pa_size == 0)
+ if (mdp - dump_map >= nitems(dump_map) ||
+ (mdp->pa_start == 0 && mdp->pa_size == 0))
mdp = NULL;
return (mdp);
}