kern/38431: getparts in dkwedge_mbr.c seems to use stale data

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/38431: getparts in dkwedge_mbr.c seems to use stale data
From: yamt%mwd.biglobe.ne.jp@localhost
Date: Tue, 15 Apr 2008 07:45:00 +0000 (UTC)

>Number:         38431
>Category:       kern
>Synopsis:       getparts in dkwedge_mbr.c seems to use stale data
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 15 07:45:00 +0000 2008
>Originator:     YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost>
>Release:        NetBSD 4.99.59
>Organization:
        
>Environment:
        
        
Architecture: i386
Machine: i386
>Description:
        getparts() recursively calls getparts(), which overwrites the
        contents of a->buf.  note that 'dp' is still pointing to a->buf
        and will be used in the following iteration of the loop.

                /* Recursively scan extended partitions. */
                for (i = 0; i < MBR_PART_COUNT; i++) {
                        uint32_t poff;

                        if (MBR_IS_EXTENDED(dp[i].mbrp_type)) {
                                poff = le32toh(dp[i].mbrp_start) + extoff;
                                getparts(a, poff, extoff ? extoff : poff);
                        }
                }

>How-To-Repeat:
        code inspection.
>Fix:
        

>Unformatted:

Prev by Date: Re: kern/34537 (kernel (esp driver) crash when pcmcia card is inserted)
Next by Date: kern/38432: memcpy freezes with files mmap'ed from smbfs
Previous by Thread: Re: port-hpcarm/37227 (cf card no longer detected after vmlocking merge)
Next by Thread: Re: kern/38431: getparts in dkwedge_mbr.c seems to use stale data
Indexes:

Home | Main Index | Thread Index | Old Index