[Bug 211960] [PATCH] Page fault panic under settimeofday when tv_sec / SECDAY overflows signed 32 bit int
bugzilla-noreply at freebsd.org
Thu Aug 18 09:34:02 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211960
Bug ID: 211960
Summary: [PATCH] Page fault panic under settimeofday when
tv_sec / SECDAY overflows signed 32 bit int
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: justin.mcomie at gmail.com
Created attachment 173816
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=173816&action=edit
Patch with variable type changes.
Repro on FreeBSD-12.0-CURRENT-amd64-20160809-r303880:
Set the date to a value exceeding the number of seconds in a day multiplied
by the capacity of a signed 32 bit integer.
Does not panic:
date -f "%s" `bc -l -e '24*60*60 * 2^31 -1' -e quit`
Panics:
date -f "%s" `bc -l -e '24*60*60 * 2^31' -e quit`
Stack backtrace:
#0 0xffffffff80aa8cd0 at witness_debugger+0x70
#1 0xffffffff80aa9fb7 at witness_warn+0x3d7
#2 0xffffffff80ebc427 at trap_pfault+0x57
#3 0xffffffff80ebbab4 at trap+0x284
#4 0xffffffff80e9c941 at calltrap+0x8
#5 0xffffffff810030dc at atrtc_settime+0xc
#6 0xffffffff80a934a8 at resettodr+0xd8
#7 0xffffffff80a5d5f4 at settime+0x154
#8 0xffffffff80a5daa0 at sys_settimeofday+0x90
#9 0xffffffff80ebcb7b at amd64_syscall+0x2db
#10 0xffffffff80e9cc2b at Xfast_syscall+0xfb
For a fix I change container variable types from int to time_t in
clock_ts_to_ct.
--
You are receiving this mail because:
You are the assignee for the bug.
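An added example, not part of the original report and not FreeBSD source: a simplified C model of splitting tv_sec into calendar fields, showing how a 32-bit day counter goes negative at the second repro value while a counter as wide as tv_sec does not. The struct, the function names and the range check are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SECDAY (24 * 60 * 60)          /* seconds per day */

struct cal { int64_t year; int mon; int64_t day; };   /* day is 1-based */

static int leap(int64_t y) { return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0; }

static int mdays(int64_t y, int m)     /* m is 1..12 */
{
    static const int t[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    return t[m - 1] + (m == 2 && leap(y));
}

/* narrow != 0 models the defect: the day count is squeezed into 32 bits.
 * Out-of-range narrowing is implementation-defined; gcc and clang wrap. */
static int64_t day_count(int64_t tv_sec, int narrow)
{
    int64_t days = tv_sec / SECDAY;
    return narrow ? (int64_t)(int32_t)days : days;
}

/* Split seconds since 1970 into year/month/day. Returns 0 when the fields
 * are in range, -1 when they are not and must not be passed any further. */
static int to_cal(int64_t tv_sec, int narrow, struct cal *c)
{
    int64_t days = day_count(tv_sec, narrow);

    c->year = 1970;
    while (days >= 365 + leap(c->year)) { days -= 365 + leap(c->year); c->year++; }
    c->mon = 1;
    while (days >= mdays(c->year, c->mon)) { days -= mdays(c->year, c->mon); c->mon++; }
    c->day = days + 1;
    return (c->day >= 1 && c->day <= 31) ? 0 : -1;
}

int main(void)
{
    /* The two values from the repro: last good second, first bad second. */
    int64_t t[2] = { ((int64_t)SECDAY << 31) - 1, (int64_t)SECDAY << 31 };
    for (int i = 0; i < 2; i++) {
        struct cal c;
        int rc = to_cal(t[i], 1, &c);
        printf("tv_sec=%lld narrow rc=%d day=%lld\n", (long long)t[i], rc, (long long)c.day);
    }
    return 0;
}
```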