Fix mbuf releated crashes in switch(4). They have been found by - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	bluhm <bluhm@openbsd.org>	2018-12-28 14:32:47 +0000
committer	bluhm <bluhm@openbsd.org>	2018-12-28 14:32:47 +0000
commit	54e30ac1a80406fdc86d542b5333348256eb840e (patch)
tree	359480ef48971eb3a25d16a8d33701569a1ed181 /gnu/llvm/tools/clang/lib/Analysis/FormatString.cpp
parent	set conf.capabilities.mp to 0 by default (diff)
download	wireguard-openbsd-54e30ac1a80406fdc86d542b5333348256eb840e.tar.xz wireguard-openbsd-54e30ac1a80406fdc86d542b5333348256eb840e.zip

Fix mbuf releated crashes in switch(4). They have been found by

syzkaller as pool corruption panic. It is unclear which bug caused what, but it should be better now. - Check M_PKTHDR with assertion before accessing m_pkthdr. - Do not access oh_length without m_pullup(). - After checking if there is space at the end of the mbuf, don't overwrite the data at the beginning. Append the new content. - Do not set m_len and m_pkthdr.len when it is unclear whether the ofp_error header fits at all. Use m_makespace() to adjust the mbuf. Reported-by: syzbot+6efc0a9d5b700b54392e@syzkaller.appspotmail.com test akoshibe@; OK claudio@

Diffstat (limited to 'gnu/llvm/tools/clang/lib/Analysis/FormatString.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: