Re: kern/48626: ahci_atapi_probe_device panic with kmemguard

To: gnats-bugs%NetBSD.org@localhost
Subject: Re: kern/48626: ahci_atapi_probe_device panic with kmemguard
From: Nick Hudson <skrll%netbsd.org@localhost>
Date: Wed, 05 Mar 2014 07:58:58 +0000

On 02/28/14 17:15, Thomas Klausner wrote:

Number:         48626
Category:       kern
Synopsis:       ahci_atapi_probe_device panic with kmemguard

The attached patch resolves the out of bounds read (andpossible/unlikely later write).


Manuel, OK to commit?

Nick

Index: sys/dev/scsipi/atapiconf.c
===================================================================
RCS file: /cvsroot/src/sys/dev/scsipi/atapiconf.c,v
retrieving revision 1.86
diff -u -p -r1.86 atapiconf.c
--- sys/dev/scsipi/atapiconf.c  24 Jun 2012 07:48:01 -0000      1.86
+++ sys/dev/scsipi/atapiconf.c  5 Mar 2014 07:55:44 -0000
@@ -231,8 +231,10 @@ atapi_probe_bus(struct atapibus_softc *s
        int error;
        struct atapi_adapter *atapi_adapter;
 
+       KASSERT(chan->chan_ntargets >= 1);
+
        if (target == -1) {
-               maxtarget = 1;
+               maxtarget = chan->chan_ntargets - 1;
                mintarget = 0;
        } else {
                if (target < 0 || target >= chan->chan_ntargets)

Follow-Ups:
- Re: kern/48626: ahci_atapi_probe_device panic with kmemguard
  - From: Manuel Bouyer

References:
- kern/48626: ahci_atapi_probe_device panic with kmemguard
  - From: Thomas Klausner

Prev by Date: Re: kern/48626: ahci_atapi_probe_device panic with kmemguard
Next by Date: PR/48626 CVS commit: src/sys/dev/scsipi
Previous by Thread: kern/48626: ahci_atapi_probe_device panic with kmemguard
Next by Thread: Re: kern/48626: ahci_atapi_probe_device panic with kmemguard
Indexes:

Home | Main Index | Thread Index | Old Index