misc/175648: [PATCH] Fix for buffer corruption in libproc

Yuri yuri at tsoft.com
Mon Jan 28 10:10:00 UTC 2013


>Number:         175648
>Category:       misc
>Synopsis:       [PATCH] Fix for buffer corruption in libproc
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 28 10:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Yuri
>Release:        9.1-STABLE
>Organization:
n/a
>Environment:
>Description:
Please check in the attached patch.
Please MFC to 9.X.

The patch fixes the buffer corruption caused by the wrong size being passed to realloc.
The bug can be experienced by calling ustack() from a dtrace script when the number of entries in /proc/PID/map is greater than 64.

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: lib/libproc/proc_rtld.c
===================================================================
--- lib/libproc/proc_rtld.c	(revision 245708)
+++ lib/libproc/proc_rtld.c	(working copy)
@@ -44,7 +44,7 @@
 
 	if (phdl->nobjs >= phdl->rdobjsz) {
 		phdl->rdobjsz *= 2;
-		phdl->rdobjs = realloc(phdl->rdobjs, phdl->rdobjsz);
+		phdl->rdobjs = realloc(phdl->rdobjs, sizeof(*phdl->rdobjs) * phdl->rdobjsz);
 		if (phdl->rdobjs == NULL)
 			return (-1);
 	}
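Review bot: the `+` line fixes the byte count, but it still assigns realloc's return value straight into phdl->rdobjs, so on failure the old buffer is leaked (the following NULL check returns -1 with the only pointer to it gone) and phdl->rdobjsz, already doubled on the line above, no longer matches what is actually allocated. Store the result in a temporary of the element type, and only on success assign it to phdl->rdobjs and double rdobjsz; since the new size is now a product, a check that `sizeof(*phdl->rdobjs) * phdl->rdobjsz` cannot wrap would also be cheap here.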


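Added example, not part of the submitted patch or of libproc: a self-contained growth routine in the shape of the corrected hunk, with a constructed element type and a fill function that shows 65 entries landing in a 128-entry buffer instead of overrunning a 64-byte one. All names are stand-ins chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for libproc's element type; any element wider than
 * one byte shows the bug, since realloc(p, count) reserves count *bytes*. */
struct loadobj { uintptr_t addr, len; };

struct handle {
	struct loadobj *rdobjs;
	size_t nobjs;	/* entries in use */
	size_t rdobjsz;	/* entries allocated */
};

/* Make room for one more entry the way the corrected hunk does (count times
 * element size), with two hardenings the hunk lacks: refuse a byte count that
 * would wrap size_t, and touch the handle only once realloc has succeeded. */
int grow_for_one_more(struct handle *phdl)
{
	struct loadobj *tmp;
	size_t newsz;
	if (phdl->nobjs < phdl->rdobjsz)
		return (0);
	newsz = phdl->rdobjsz == 0 ? 64 : phdl->rdobjsz * 2;
	if (newsz < phdl->rdobjsz || newsz > SIZE_MAX / sizeof(*phdl->rdobjs))
		return (-1);	/* multiplication would overflow */
	tmp = realloc(phdl->rdobjs, newsz * sizeof(*phdl->rdobjs));
	if (tmp == NULL)
		return (-1);	/* old buffer and rdobjsz remain valid */
	phdl->rdobjs = tmp;
	phdl->rdobjsz = newsz;
	return (0);
}

/* Append n constructed entries to a fresh handle and return the final
 * capacity in entries (0 if growth failed); 65 entries must yield 128. */
size_t fill_and_report(size_t n)
{
	struct handle h = { NULL, 0, 0 };
	size_t i, cap = 0;
	for (i = 0; i < n; i++) {
		if (grow_for_one_more(&h) != 0)
			goto out;
		h.rdobjs[h.nobjs].addr = (uintptr_t)i << 12;
		h.rdobjs[h.nobjs].len = 0x1000;
		h.nobjs++;
	}
	cap = h.rdobjsz;
out:
	free(h.rdobjs);
	return (cap);
}
```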
>Release-Note:
>Audit-Trail:
>Unformatted:

