Date: Sat, 17 May 2014 02:45:05 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r266281 - head/sys/dev/aac Message-ID: <201405170245.s4H2j50i018049@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Sat May 17 02:45:04 2014 New Revision: 266281 URL: http://svnweb.freebsd.org/changeset/base/266281 Log: Clear the data buffer length field when freeing a command structure so that it doesn't leak through when the command structure is reused for a user command without a data buffer. PR: amd64/189668 Tested by: Pete Long <pete@nrth.org> MFC after: 1 week Modified: head/sys/dev/aac/aac.c Modified: head/sys/dev/aac/aac.c ============================================================================== --- head/sys/dev/aac/aac.c Sat May 17 02:39:20 2014 (r266280) +++ head/sys/dev/aac/aac.c Sat May 17 02:45:04 2014 (r266281) @@ -1408,6 +1408,7 @@ aac_release_command(struct aac_command * fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, ""); /* (re)initialize the command/FIB */ + cm->cm_datalen = 0; cm->cm_sgtable = NULL; cm->cm_flags = 0; cm->cm_complete = NULL;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405170245.s4H2j50i018049>