Author: bz Date: Sat May 2 08:31:16 2015 New Revision: 282337 URL: https://svnweb.freebsd.org/changeset/base/282337
Log: Fix an off-by-one bug in string/array handling which lead to memory overwrite and follow-up assertion errors on at least ARM after r282257, with nvp_magic being 0x6e7600: Assertion failed: ((nvp)->nvp_magic == 0x6e7670), function nvpair_name, file .../subr_nvpair.c, line 713. Sponsored by: DARPA/AFRL Modified: head/sys/kern/subr_nvpair.c Modified: head/sys/kern/subr_nvpair.c ============================================================================== --- head/sys/kern/subr_nvpair.c Sat May 2 04:19:11 2015 (r282336) +++ head/sys/kern/subr_nvpair.c Sat May 2 08:31:16 2015 (r282337) @@ -733,7 +733,7 @@ nvpair_allocv(const char *name, int type if (nvp != NULL) { nvp->nvp_name = (char *)(nvp + 1); memcpy(nvp->nvp_name, name, namelen); - nvp->nvp_name[namelen + 1] = '\0'; + nvp->nvp_name[namelen] = '\0'; nvp->nvp_type = type; nvp->nvp_data = data; nvp->nvp_datasize = datasize; _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"