NetBSD-Bugs archive
bin/49460: kdump hangs on big ktr_len values
>Number: 49460
>Category: bin
>Synopsis: kdump hangs on big ktr_len values
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Dec 09 22:15:00 +0000 2014
>Originator: Alexander Nasonov
>Release: amd64 -current (7.99.1)
>Organization:
TNF
>Environment:
>Description:
When ktr_len field in ktr_header is bigger than INT_MAX/2 + 1, the loop 'while (ktrlen > size) size *= 2;' will reach size=0 and never terminate.
>How-To-Repeat:
I was running afl-fuzz and I executed kdump fuzzer_stats by mistake.
>Fix:
Add if (ktrlen > INT_MAX / 2) errx(1, "bogus length 0x%x", ktrlen);
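The failure described in the Description and the check proposed under Fix, as an added example that is not kdump's own code: `simulate_growth` models the doubling loop with an iteration cap (so the demonstration cannot hang) and reports when `size` wraps to 0, and `validate_ktrlen` applies the same bound as the proposed `errx` check but returns a status instead of exiting. The initial `size` of 1 and the function names are assumptions for the demonstration.

```c
#include <limits.h>
#include <stdio.h>

/* Model of the growth loop 'while (ktrlen > size) size *= 2;' from the PR.
 * Returns the final buffer size, or -1 if size reached 0, which in the
 * original loop means the condition stays true forever (infinite loop).
 * The doubling is done in unsigned arithmetic to mimic two's-complement
 * wrap-around without invoking signed-overflow undefined behaviour. */
int simulate_growth(int ktrlen, int size)
{
    int iterations = 0;

    while (ktrlen > size) {
        size = (int)((unsigned int)size * 2u);
        if (size == 0)
            return -1;          /* real loop would never terminate */
        if (++iterations > 64)  /* safety cap for the model only */
            return -1;
    }
    return size;
}

/* Hardened check mirroring the PR's proposed fix: a length above INT_MAX/2
 * cannot be covered by doubling an int, so reject it up front.
 * Returns 1 if the length is acceptable, 0 if it is bogus. */
int validate_ktrlen(int ktrlen)
{
    if (ktrlen > INT_MAX / 2)
        return 0;
    return 1;
}

/* Growth with the check applied first: -1 means the length was rejected. */
int grow_checked(int ktrlen, int size)
{
    if (!validate_ktrlen(ktrlen))
        return -1;
    return simulate_growth(ktrlen, size);
}

int main(void)
{
    /* constructed sample lengths: a normal record, the largest length the
     * loop still handles, and one byte more, which makes size wrap to 0 */
    int samples[] = { 1024, INT_MAX / 2 + 1, INT_MAX / 2 + 2 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("ktrlen=%d unchecked=%d checked=%d\n",
               samples[i],
               simulate_growth(samples[i], 1),
               grow_checked(samples[i], 1));
    }
    return 0;
}
```

With the unchecked loop, INT_MAX/2 + 1 (2^30) is the last length that terminates, because `size` lands exactly on 2^30; one byte more forces a doubling to 2^31, which wraps to INT_MIN and then to 0. The PR's bound of INT_MAX/2 is slightly stricter than that threshold, which is the conservative choice for a length read from an untrusted file.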