Date: Wed, 26 Sep 2001 18:30:05 -0700 (PDT) From: David Xu <davidx@viasoft.com.cn> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/30857: intr_machdep.c allows access out of array bound Message-ID: <200109270130.f8R1U5L86525@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 30857 >Category: misc >Synopsis: intr_machdep.c allows access out of array bound >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Sep 26 18:40:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: David Xu >Release: FreeBSD 4.4-release >Organization: Viasoft >Environment: FreeBSD davidbsd.viasoft.com.cn 4.4-RELEASE FreeBSD 4.4-RELEASE #3: Thu Sep 27 0 9:04:24 CST 2001 root@davidbsd.viasoft.com.cn:/usr/src/sys/compile/xu i386 >Description: in source file /sys/i386/isa/intr_machdep.c, function icu_setup does not detect array bound correctly, allow access out of bound data. >How-To-Repeat: >Fix: patch is here: --- intr_machdep.c.orig Thu Sep 27 09:03:29 2001 +++ intr_machdep.c Thu Sep 27 09:04:11 2001 @@ -433,6 +433,7 @@ #else if ((u_int)intr >= ICU_LEN || intr == ICU_SLAVEID) #endif /* APIC_IO */ + return (EINVAL); if (intr_handler[intr] != isa_strayintr) return (EBUSY); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109270130.f8R1U5L86525>