>Number: 175648
>Category: misc
>Synopsis: [PATCH] Fix for buffer corruption in libproc
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 28 10:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Yuri
>Release: 9.1-STABLE
>Organization:
n/a
>Environment:
>Description:
Please check in the attached patch.
Please MFC to 9.X.
Patch fixes the buffer corruption caused by the wrong size passed to realloc.
Bug can be experienced by calling ustack() from some dtrace script when the
number of entries in /proc/PID/map is greater than 64.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: lib/libproc/proc_rtld.c
===================================================================
--- lib/libproc/proc_rtld.c (revision 245708)
+++ lib/libproc/proc_rtld.c (working copy)
@@ -44,7 +44,7 @@
if (phdl->nobjs >= phdl->rdobjsz) {
phdl->rdobjsz *= 2;
- phdl->rdobjs = realloc(phdl->rdobjs, phdl->rdobjsz);
+ phdl->rdobjs = realloc(phdl->rdobjs, sizeof(*phdl->rdobjs) *
phdl->rdobjsz);
if (phdl->rdobjs == NULL)
return (-1);
}
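Review bot: the realloc() result in the changed line is still assigned straight back to phdl->rdobjs, so when realloc() returns NULL the `return (-1);` path drops the only pointer to the old array (leaking it) and leaves phdl->rdobjsz already doubled by `phdl->rdobjsz *= 2;` even though no larger buffer exists. Suggest computing the new count in a local variable, reallocating into a temporary pointer, and updating phdl->rdobjs and phdl->rdobjsz only after the call succeeds. The product `sizeof(*phdl->rdobjs) * phdl->rdobjsz` is also not checked for overflow; an upper bound on the count before the multiplication would cover that. Sizing by `sizeof(*phdl->rdobjs)` rather than a type name is the right choice, since it stays correct if the element type changes.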
>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs