b0ee912984
indicates the range of type indices which have been committed to the container by ctf_update(). However, the top bit of the dtd_type field is not part of the type index; rather, it is a flag used to indicate that the corresponding CTF container is a parent. This is why the maximum CTF type index is 2^15 - 1 rather than 2^16 - 1. Therefore, this flag must be masked off (using the CTF_TYPE_TO_INDEX macro) when comparing a type index with the ctf_dtoldid field of a container. This bug was causing libctf to erroneously free committed type definitions in ctf_discard(). libdtrace holds some references to such types, resulting in a use-after-free. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division |
||
|---|---|---|
| .. | ||
| compat/opensolaris | ||
| contrib | ||
| lib | ||
| sbin | ||
| tests | ||
| usr.bin | ||
| usr.sbin | ||
| Makefile | ||
| Makefile.inc | ||