https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211960
Conrad Meyer <c...@freebsd.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |c...@freebsd.org --- Comment #1 from Conrad Meyer <c...@freebsd.org> --- I think the mechanism by which we fault here (amd64 and other 64-bit time_t platforms) is: days (int) is overflowed to be negative by: days = secs / SECDAY; // (secs is time_t==int64_t on amd64) ct->day (int) inherits a negative value from days. In atrtc_set(), we invoke bin2bcd(ct.day) => bin2bcd_data[ct.day] (valid indices are 0-99) => dereferencing 2GB before the array. It seems like ct->day being negative (or more specifically, outside 0-31) is a bug. It seems like several places here could have better assertions to protect against invalid ranges. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"