[Bug 231515] Potential out-of-bounds access in function pmap_bootstrap (sys/riscv/riscv/pmap.c)
bugzilla-noreply at freebsd.org
Sun Nov 11 17:36:18 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231515
Mark Johnston <markj at FreeBSD.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |In Progress
           Assignee|bugs at FreeBSD.org         |markj at FreeBSD.org
--- Comment #2 from Mark Johnston <markj at FreeBSD.org> ---
Created attachment 199144
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=199144&action=edit
proposed patch
I don't understand the need for the first hunk of the patch. In the for-loop,
avail_slot is only used to index phys_avail[], which has size PHYSMAP_SIZE+2.
In the second hunk, we should test avail_slot < PHYS_AVAIL_SIZE - 2 before
using avail_slot as an index.
However, I don't quite understand the code in the second hunk. It's checking
whether the loop exited because it found a physmem range containing KERNBASE -
kern_delta, so why is it using avail_slot as the index? I think the test is
just wrong. The attached patch changes that code according to my understanding of
what it's supposed to be doing.
--
You are receiving this mail because:
You are the assignee for the bug.
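
An added example, not FreeBSD's pmap.c code and not the attached patch: a simplified C model of the pattern discussed in the comment above, where a loop copies (start, end) pairs into a fixed-size phys_avail[]-style array, checks the slot against the array size before writing, and records why the loop ended in a flag instead of reading it back through the index. The helper name fill_avail, the array sizes and the sample ranges are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sizes for this model, not the values in the FreeBSD tree. */
#define PHYSMAP_SIZE    4
#define PHYS_AVAIL_SIZE (PHYSMAP_SIZE + 2)

/*
 * Hypothetical helper: copy (start, end) pairs from physmap[] into avail[],
 * truncating the range that contains kern_start and stopping there.
 * Returns 1 if such a range was found, 0 if not, -1 if avail[] is too small.
 */
static int
fill_avail(const uint64_t *physmap, size_t physmap_idx, uint64_t kern_start,
    uint64_t *avail, size_t avail_size, size_t *slot_out)
{
	size_t i, slot = 0;
	int found = 0;

	if (avail_size < 2)
		return (-1);
	for (i = 0; i + 1 < physmap_idx && !found; i += 2) {
		/* Check before indexing: room for this pair plus the 0,0 terminator.
		 * For an even avail_size this is slot < avail_size - 2. */
		if (slot + 4 > avail_size)
			return (-1);
		avail[slot] = physmap[i];
		avail[slot + 1] = physmap[i + 1];
		if (kern_start >= physmap[i] && kern_start < physmap[i + 1]) {
			avail[slot + 1] = kern_start;
			found = 1;	/* exit reason kept in a flag, not inferred from slot */
		}
		slot += 2;
	}
	avail[slot] = avail[slot + 1] = 0;
	*slot_out = slot;
	return (found);
}

int
main(void)
{
	/* Constructed sample ranges. */
	uint64_t pm[] = { 0x1000, 0x2000, 0x80000000, 0x90000000 };
	uint64_t av[PHYS_AVAIL_SIZE];
	size_t slot;
	int r = fill_avail(pm, 4, 0x80200000, av, PHYS_AVAIL_SIZE, &slot);
	printf("found=%d next_slot=%zu\n", r, slot);
	return (0);
}
```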