git: 13c63ae08df4 - main - mmc: fix 1-byte reallocs (when it should have been sizeof device_t)
Mateusz Guzik
mjg at FreeBSD.org
Sat Sep 25 15:36:59 UTC 2021
The branch main has been updated by mjg:
URL: https://cgit.FreeBSD.org/src/commit/?id=13c63ae08df43d4e662b73ea3e05137fff88e639
commit 13c63ae08df43d4e662b73ea3e05137fff88e639
Author: Mateusz Guzik <mjg at FreeBSD.org>
AuthorDate: 2021-09-25 12:49:43 +0000
Commit: Mateusz Guzik <mjg at FreeBSD.org>
CommitDate: 2021-09-25 14:58:31 +0000
mmc: fix 1-byte reallocs (when it should have been sizeof device_t)
Reported by KASAN:
panic: ASan: Invalid access, 8-byte write at 0xfffffe00f0992610, RedZonePartial(1)
panic() at panic+0xb5/frame 0xffffffff86a595b0
__asan_store8_noabort() at __asan_store8_noabort+0x376/frame 0xffffffff86a59670
mmc_go_discovery() at mmc_go_discovery+0x6c61/frame 0xffffffff86a5a790
mmc_delayed_attach() at mmc_delayed_attach+0x35/frame 0xffffffff86a5a7b0
[snip]
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/dev/mmc/mmc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/dev/mmc/mmc.c b/sys/dev/mmc/mmc.c
index 74d0549ca491..071c238374df 100644
--- a/sys/dev/mmc/mmc.c
+++ b/sys/dev/mmc/mmc.c
@@ -1920,7 +1920,7 @@ child_common:
if (child != NULL) {
device_set_ivars(child, ivar);
sc->child_list = realloc(sc->child_list,
- sizeof(device_t) * sc->child_count + 1,
+ sizeof(device_t) * (sc->child_count + 1),
M_DEVBUF, M_WAITOK);
sc->child_list[sc->child_count++] = child;
} else
More information about the dev-commits-src-all
mailing list