git: 985d95fb1447 - stable/12 - zfsboot: vdev_read_pad2 does allocate buffer with wrong size

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Fri, 08 Oct 2021 06:10:32 UTC

The branch stable/12 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=985d95fb1447b459fd0616bae5ac241b1ca60d33

commit 985d95fb1447b459fd0616bae5ac241b1ca60d33
Author:     Toomas Soome <tsoome@FreeBSD.org>
AuthorDate: 2020-02-05 11:02:00 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-10-08 02:41:22 +0000

    zfsboot: vdev_read_pad2 does allocate buffer with wrong size
    
    vdev_read_pad2() does read VDEV_PAD_SIZE of data, and will copy size bytes
    of it, hence, we need buffer of VDEV_PAD_SIZE bytes.
    
    Issue introduced in r357497.
    
    (cherry picked from commit 7503958e4cd57bcfc2b611594906b56c6645e5f4)
---
 stand/i386/zfsboot/zfsboot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stand/i386/zfsboot/zfsboot.c b/stand/i386/zfsboot/zfsboot.c
index e5da51b13b7d..03edb08409c6 100644
--- a/stand/i386/zfsboot/zfsboot.c
+++ b/stand/i386/zfsboot/zfsboot.c
@@ -324,7 +324,7 @@ vdev_read_pad2(vdev_t *vdev, char *buf, size_t size)
 	if (size > VDEV_PAD_SIZE)
 		size = VDEV_PAD_SIZE;
 
-	tmp = malloc(size);
+	tmp = malloc(VDEV_PAD_SIZE);
 	if (tmp == NULL)
 		return (ENOMEM);