The branch main has been updated by arichardson: URL: https://cgit.FreeBSD.org/src/commit/?id=1a2f06d0f2905c9a18340b377cbbe772f2ca6844
commit 1a2f06d0f2905c9a18340b377cbbe772f2ca6844 Author: Alex Richardson <[email protected]> AuthorDate: 2021-06-16 15:27:13 +0000 Commit: Alex Richardson <[email protected]> CommitDate: 2021-06-16 15:27:13 +0000 vis(3): avoid out-of-bounds stack buffer reads I found this while running kdump(1) on a CheriBSD system due to a capability length violation when printing the /etc/libmap.conf read() system call: it crashed immediately after printing the first line. Found by: CHERI Reviewed By: jhb MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D30771 --- contrib/libc-vis/vis.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/libc-vis/vis.c b/contrib/libc-vis/vis.c index 21c07b70619d..c43186a44b51 100644 --- a/contrib/libc-vis/vis.c +++ b/contrib/libc-vis/vis.c @@ -465,7 +465,8 @@ istrsenvisx(char **mbdstp, size_t *dlen, const char *mbsrc, size_t mblength, while (mbslength > 0) { /* Convert one multibyte character to wchar_t. */ if (!cerr) - clen = mbrtowc(src, mbsrc, MB_LEN_MAX, &mbstate); + clen = mbrtowc(src, mbsrc, MIN(mbslength, MB_LEN_MAX), + &mbstate); if (cerr || clen < 0) { /* Conversion error, process as a byte instead. */ *src = (wint_t)(u_char)*mbsrc; _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main To unsubscribe, send any mail to "[email protected]"
