https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237924
Bug ID: 237924
Summary: Possible infinite loop in function empty_aux_buffer of
sys/dev/atkbdc/atkbdc.c
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Created attachment 204401
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=204401&action=edit
Proposed patch
There is a possible infinite loop vulnerability in function empty_aux_buffer of
sys/dev/atkbdc/atkbdc.c
Some systems (Intel/IBM blades) do not have keyboard devices and will thus hang
in the processure.
void
empty_aux_buffer(KBDC p, int wait)
{
int t;
int b;
int f;
#if KBDIO_DEBUG >= 2
int c1 = 0;
int c2 = 0;
#endif
int delta = 2;
for (t = wait; t > 0; ) {
if ((f = read_status(kbdcp(p))) & KBDS_ANY_BUFFER_FULL) {
DELAY(KBDD_DELAYTIME);
b = read_data(kbdcp(p));
if ((f & KBDS_BUFFER_FULL) == KBDS_KBD_BUFFER_FULL) {
addq(&kbdcp(p)->kbd, b);
#if KBDIO_DEBUG >= 2
++c1;
} else {
++c2;
#endif
}
t = wait;
} else {
t -= delta;
}
DELAY(delta*1000);
}
#if KBDIO_DEBUG >= 2
if ((c1 > 0) || (c2 > 0))
log(LOG_DEBUG, "kbdc: %d:%d char read (empty_aux_buffer)\n", c1, c2);
#endif
emptyq(&kbdcp(p)->aux);
}
The attachment is the proposed patch that are copied from
https://github.com/freebsd/freebsd/commit/3631541670c84a8731b46350daa30502edb0ca80
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
