NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/48626: ahci_atapi_probe_device panic with kmemguard
The following reply was made to PR kern/48626; it has been noted by GNATS.
From: Nick Hudson <skrll%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: Thomas Klausner <wiz%NetBSD.org@localhost>,
kern-bug-people%netbsd.org@localhost,
gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost,
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Subject: Re: kern/48626: ahci_atapi_probe_device panic with kmemguard
Date: Wed, 05 Mar 2014 07:58:58 +0000
This is a multi-part message in MIME format.
--------------000900090409040108090003
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
On 02/28/14 17:15, Thomas Klausner wrote:
>> Number: 48626
>> Category: kern
>> Synopsis: ahci_atapi_probe_device panic with kmemguard
>>
The attached patch resolves the out of bounds read (and
possible/unlikely later write).
Manuel, OK to commit?
Nick
--------------000900090409040108090003
Content-Type: text/plain; charset=us-ascii;
name="atapiconf.c.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="atapiconf.c.diff"
Index: sys/dev/scsipi/atapiconf.c
===================================================================
RCS file: /cvsroot/src/sys/dev/scsipi/atapiconf.c,v
retrieving revision 1.86
diff -u -p -r1.86 atapiconf.c
--- sys/dev/scsipi/atapiconf.c 24 Jun 2012 07:48:01 -0000 1.86
+++ sys/dev/scsipi/atapiconf.c 5 Mar 2014 07:55:44 -0000
@@ -231,8 +231,10 @@ atapi_probe_bus(struct atapibus_softc *s
int error;
struct atapi_adapter *atapi_adapter;
+ KASSERT(chan->chan_ntargets >= 1);
+
if (target == -1) {
- maxtarget = 1;
+ maxtarget = chan->chan_ntargets - 1;
mintarget = 0;
} else {
if (target < 0 || target >= chan->chan_ntargets)
--------------000900090409040108090003--
Home |
Main Index |
Thread Index |
Old Index