Author: bz
Date: Sat May 2 08:31:16 2015
New Revision: 282337
URL: https://svnweb.freebsd.org/changeset/base/282337
Log:
Fix an off-by-one bug in string/array handling which lead to memory overwrite
and follow-up assertion errors on at least ARM after r282257,
with nvp_magic being 0x6e7600:
Assertion failed: ((nvp)->nvp_magic == 0x6e7670), function nvpair_name, file
.../subr_nvpair.c, line 713.
Sponsored by: DARPA/AFRL
Modified:
head/sys/kern/subr_nvpair.c
Modified: head/sys/kern/subr_nvpair.c
==============================================================================
--- head/sys/kern/subr_nvpair.c Sat May 2 04:19:11 2015 (r282336)
+++ head/sys/kern/subr_nvpair.c Sat May 2 08:31:16 2015 (r282337)
@@ -733,7 +733,7 @@ nvpair_allocv(const char *name, int type
if (nvp != NULL) {
nvp->nvp_name = (char *)(nvp + 1);
memcpy(nvp->nvp_name, name, namelen);
- nvp->nvp_name[namelen + 1] = '\0';
+ nvp->nvp_name[namelen] = '\0';
nvp->nvp_type = type;
nvp->nvp_data = data;
nvp->nvp_datasize = datasize;
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
