[Bug 275515] Out of bounds memory access in siba_bhndb.c

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275515] Out of bounds memory access in siba_bhndb.c"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275515] Out of bounds memory access in siba_bhndb.c"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275515] Out of bounds memory access in siba_bhndb.c"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275515] Out of bounds memory access in siba_bhndb.c"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275515] Out of bounds memory access in siba_bhndb.c"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 03 Dec 2023 23:19:21 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275515

            Bug ID: 275515
           Summary: Out of bounds memory access in siba_bhndb.c
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: wireless
          Assignee: wireless@FreeBSD.org
          Reporter: frank.hilgendorf@posteo.de

In /usr/src/sys/dev/bhnd/siba/siba_bhndb.c, in the class definition a wrong
softc struct is used. This causes out of bound memory accesses in the driver. 
These were observed with KASAN activated in the Kernel.

Hardware:
————————-
Macbook Pro 3,1 with Broadcom BCM4321 wireless card


Patch:
—————-
289 - sizeof(struct siba_softc), bhnd_bhndb_driver, siba_driver);
289 + sizeof(struct siba_bhndb_softc), bhnd_bhndb_driver, siba_driver);

-- 
You are receiving this mail because:
You are the assignee for the bug.