svn commit: r267074 - stable/10/sys/dev/aac
John Baldwin
jhb at FreeBSD.org
Wed Jun 4 18:21:33 UTC 2014
Author: jhb
Date: Wed Jun 4 18:21:33 2014
New Revision: 267074
URL: http://svnweb.freebsd.org/changeset/base/267074
Log:
MFC 266281:
Clear the data buffer length field when freeing a command structure so that
it doesn't leak through when the command structure is reused for a user
command without a data buffer.
PR: 189668
Modified:
stable/10/sys/dev/aac/aac.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/dev/aac/aac.c
==============================================================================
--- stable/10/sys/dev/aac/aac.c Wed Jun 4 18:19:10 2014 (r267073)
+++ stable/10/sys/dev/aac/aac.c Wed Jun 4 18:21:33 2014 (r267074)
@@ -1408,6 +1408,7 @@ aac_release_command(struct aac_command *
fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
/* (re)initialize the command/FIB */
+ cm->cm_datalen = 0;
cm->cm_sgtable = NULL;
cm->cm_flags = 0;
cm->cm_complete = NULL;
More information about the svn-src-all
mailing list