From nobody Tue Dec 05 18:55:53 2023 X-Original-To: wireless@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Sl8r96ypzz53KlZ for ; Tue, 5 Dec 2023 18:55:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Sl8r95b1Kz4DlL for ; Tue, 5 Dec 2023 18:55:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1701802553; a=rsa-sha256; cv=none; b=eH8RZuXlFJFMHLLCtB3IMK0BpI7I/sSexx29VMgK8zmXPMylGAKQCtB4k7pmt9dpA1R+5V xJtju3wx//51N0lJ0HUz8MaJhJ8f14xy/8IHRwPZ41rHshNNStwF6yFmPrEsINrEU2x5rt HuIsWVkgUp9etulE6uHlxGsAom/lGX/54tz32edVe+twVR3Uaq59NrvOU4R3LZecB71hNs PDPIDFkd0OfqmY+PXnzG4C2Qr/FwWytgPxGOsjwdd4KQQ5UNv0iXyyYGwQx02HlPTGa9kJ 8kud9yTCJzJqDlzIJ+o01tlyfB3Y3Yx8Cl6vQLaKjfTNF+RUSjPd8HWcXkwL0A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701802553; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=x1ZkR8MFYqeozxJbu0fRCC4fiH5y7v52DlFcyOWAk6A=; b=A1Q6uyV1eVTSEDZkkdFoi/dDGCF3DSTBnBssaJ/LkVt6egzdcgegQ8UxV4KuogMbAg/YY/ AhJPr4JNs8J1qTTazqg0kFjRTVGEaFOfaqNwo9pEbFQaUQlLfCQ8zJcMgSkDlb5FioVLXz 8/Gl3h7/m0vyZuq6m5tHgrT2ujCRDDKifs5WHWxBqhbEGDyaSeMfe3UhID7OpHHl7SYcj3 BXtSqVhko1lnhrUtGAWP5QBzyb4cXuw+ojQe86mGkg/J2Z2lG7QlT0i45YVRURMWeB77tE i6eHRBR+81m0YOkp7Rwl5MqKSwSJXG/40eX8nCcAIHbKC90LjXbc+3gYUWbYOQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Sl8r94XvHz6P9 for ; Tue, 5 Dec 2023 18:55:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3B5ItrYw042781 for ; Tue, 5 Dec 2023 18:55:53 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3B5Itr6Q042780 for wireless@FreeBSD.org; Tue, 5 Dec 2023 18:55:53 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: wireless@FreeBSD.org Subject: [Bug 275515] Out of bounds memory access in siba_bhndb.c Date: Tue, 05 Dec 2023 18:55:53 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: wireless X-Bugzilla-Version: 14.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: wireless@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-wireless List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-wireless@freebsd.org X-BeenThere: freebsd-wireless@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275515 --- Comment #4 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D4c3aa00c0a0093c78f42d138bb9eef9b1= a7cbb39 commit 4c3aa00c0a0093c78f42d138bb9eef9b1a7cbb39 Author: Mark Johnston AuthorDate: 2023-12-05 18:47:03 +0000 Commit: Mark Johnston CommitDate: 2023-12-05 18:47:03 +0000 bhnd: Correct the softc size in the siba_bhndb_driver definition struct siba_bhndb_softc embeds struct siba_softc and adds an extra field, "quirks". In practice, this bug was harmless since "quirks" is unconditionally initialized during driver attach and would have lived in the redzone of the softc allocation, but KASAN catches the out-of-bounds access. PR: 275515 Reported by: Frank Hilgendorf MFC after: 1 week sys/dev/bhnd/siba/siba_bhndb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --=20 You are receiving this mail because: You are the assignee for the bug.=