[systemd-bugs] [Bug 87305] New: kdbus: the slice size check in kdbus_pool_copy does not make sense
bugzilla-daemon at freedesktop.org
Sun Dec 14 06:35:13 PST 2014
https://bugs.freedesktop.org/show_bug.cgi?id=87305
Bug ID: 87305
Summary: kdbus: the slice size check in kdbus_pool_copy does not make sense
Product: systemd
Version: unspecified
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: general
Assignee: systemd-bugs at lists.freedesktop.org
Reporter: mustrumr97 at gmail.com
QA Contact: systemd-bugs at lists.freedesktop.org
It looks like the slice occupies pool[slice->off,slice->off+slice->size).
Therefore:
--- a/pool.c
+++ b/pool.c
@@ -644,7 +644,7 @@ static int kdbus_pool_copy(const struct kdbus_pool_slice
*slice,
unsigned long rem = len;
int ret = 0;
- BUG_ON(off_dst + len > slice->size);
+ BUG_ON(len > slice->size);
BUG_ON(slice->free);
mutex_lock(&i_dst->i_mutex);
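Review bot: The replacement assertion `BUG_ON(len > slice->size);` no longer constrains off_dst at all, so a copy that starts partway into the slice with len up to slice->size passes the check and can run past the slice end. If off_dst is an absolute pool offset, as the report's description of the slice as pool[slice->off,slice->off+slice->size) implies, bound both ends instead, for example `BUG_ON(off_dst < slice->off || off_dst + len > slice->off + slice->size);`, and make sure the sums cannot wrap. If off_dst is meant to be slice-relative, the original check was correct and the caller's offset is what needs fixing; a comment on the parameter saying which it is would settle the question.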
Confirmed, this makes my system less crash-prone (down to about 0% from 100%
crash probability).
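The three bounds checks compared on constructed offsets, as an added example that is not part of the original report or the kdbus source. It assumes off_dst is an absolute offset into the pool, which the report implies but the hunk does not show; `struct slice` and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two slice fields named in the report. */
struct slice { size_t off; size_t size; };

/* Check before the patch: only correct if off_dst is slice-relative. */
static bool old_check_trips(const struct slice *s, size_t off_dst, size_t len)
{
	return off_dst + len > s->size;
}

/* Check after the patch: off_dst is not examined at all. */
static bool patched_check_trips(const struct slice *s, size_t off_dst, size_t len)
{
	(void)off_dst;
	return len > s->size;
}

/*
 * Assumption: off_dst is absolute. True when [off_dst, off_dst+len) is not
 * fully inside [s->off, s->off+s->size). Uses subtraction so nothing wraps.
 */
static bool range_outside_slice(const struct slice *s, size_t off_dst, size_t len)
{
	if (off_dst < s->off)
		return true;
	size_t rel = off_dst - s->off;	/* offset within the slice */
	if (rel > s->size)
		return true;
	return len > s->size - rel;	/* bytes left after rel */
}

int main(void)
{
	const struct slice s = { .off = 4096, .size = 512 };	/* constructed values */

	/* Valid write covering the whole slice: the old check fires anyway. */
	printf("valid:   old=%d patched=%d range=%d\n", old_check_trips(&s, 4096, 512),
	       patched_check_trips(&s, 4096, 512), range_outside_slice(&s, 4096, 512));
	/* Write starting mid-slice that overruns the end: the patched check misses it. */
	printf("overrun: old=%d patched=%d range=%d\n", old_check_trips(&s, 4352, 512),
	       patched_check_trips(&s, 4352, 512), range_outside_slice(&s, 4352, 512));
	return 0;
}
```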