svn commit: r345853 - head/usr.bin/rctl

Mateusz Guzik mjguzik at gmail.com
Tue Sep 3 14:06:19 UTC 2019


On 4/4/19, Enji Cooper <yaneurabeya at gmail.com> wrote:
>
>> On Apr 3, 2019, at 1:37 PM, Mateusz Guzik <mjg at FreeBSD.org> wrote:
>>
>> Author: mjg
>> Date: Wed Apr  3 20:37:14 2019
>> New Revision: 345853
>> URL: https://svnweb.freebsd.org/changeset/base/345853
>>
>> Log:
>>  rctl: fix sysctl kern.racct.enable use after r341182
>>
>>  The value was changed from int to bool. Since the new type
>>  is smaller, the rest of the variable in the caller was left
>>  uninitialized.
>
> I hit a bug like this recently with capsicum-test. Do you think it makes
> sense to purge all of the memory or return -1/set EINVAL for reasons similar
> to this for newp?
>
>      [EINVAL]           A non-null newp is given and its specified length in
>                         newlen is too large or too small.
>

There is most likely code which always passed oversized bufs. This change
would break it.

-- 
Mateusz Guzik <mjguzik gmail.com>
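
The failure mode described in the commit log above, as an added example that is not part of the original thread or the committed fix. `mock_sysctl_bool` is a hypothetical stand-in for a `sysctlbyname(3)` read of a bool-typed node so the code runs anywhere, the two caller functions are illustrative names, and the `0xa5` fill is constructed to simulate stack garbage.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for reading a bool-typed sysctl node: writes
 * sizeof(bool) bytes and reports the length written in *oldlenp. */
static int mock_sysctl_bool(void *oldp, size_t *oldlenp, bool value)
{
    if (*oldlenp < sizeof(value))
        return -1;                      /* buffer too small */
    memcpy(oldp, &value, sizeof(value));
    *oldlenp = sizeof(value);
    return 0;
}

/* Caller that still assumes int: only sizeof(bool) bytes are overwritten,
 * the remaining bytes keep their previous contents. */
static int read_as_int_stale(bool kernel_value)
{
    int enabled;
    size_t len = sizeof(enabled);

    memset(&enabled, 0xa5, sizeof(enabled));   /* constructed garbage */
    if (mock_sysctl_bool(&enabled, &len, kernel_value) != 0)
        return -1;
    return enabled;
}

/* Size-tolerant caller: zero the buffer, then decode by returned length. */
static int read_enabled_checked(bool kernel_value)
{
    union { bool b; int i; } buf;
    size_t len = sizeof(buf);

    memset(&buf, 0, sizeof(buf));
    if (mock_sysctl_bool(&buf, &len, kernel_value) != 0)
        return -1;
    if (len == sizeof(bool))
        return buf.b ? 1 : 0;
    return len == sizeof(int) ? (buf.i != 0) : -1;
}

int main(void)
{
    printf("stale=%#x checked=%d\n", (unsigned)read_as_int_stale(false),
        read_enabled_checked(false));
    return 0;
}
```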



