1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00

DIOCGSECTORSIZE expects to write to a u_int, but struct zfs_probe_args

member secsz was a uint16_t

sys/boot/zfs/zfs.c has a probe args structure member, secsz, that is a
uint16_t for media sector size; it is used as an argument for ioctl()
at line 484. however, this ioctl writes 32 bits of data (u_int *) and
therefore this ioctl will overwrite and corrupt 16 bits of memory.
other use cases seem to use correct u_int type for secsz.

PR:		204358
Submitted by:	Toomas Soome <tsoome at me.com>
Reviewed by:	asomers, delphij, smh
MFC after:	5 days
Differential Revision:	https://reviews.freebsd.org/D4811
This commit is contained in:
Allan Jude 2016-01-11 15:35:29 +00:00
parent 481b36c66a
commit 076b613091
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=293661

View File

@ -413,7 +413,7 @@ struct zfs_probe_args {
int fd;
const char *devname;
uint64_t *pool_guid;
uint16_t secsz;
u_int secsz;
};
static int