d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

The building the dev nameunit string, in devclass_add_device() is based

Browse Source 
on the assumption that the unit linked with the device is invariant but
that can change when calling devclass_alloc_unit() (because -1 is passed
or, more simply, because the unit choosen is beyond the table limits).
This results in a completely bogus string building.

Fix this by reserving the necessary room for all the possible characters
printable by a positive integer (we do not allow for negative unit
number).

Reported by:	Sandvine Incorporated
Reviewed by:	emaste
Sponsored by:	Sandvine Incorporated
MFC:		1 week
This commit is contained in:
Attilio Rao 2009-11-12 00:52:14 +00:00
parent 758801232c
commit 023c800576
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/kern/subr_bus.c
View File

@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$");
#include <sys/lock.h>
#include <sys/kernel.h>
#include <sys/kobj.h>
#include <sys/limits.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
@ -1584,7 +1585,7 @@ devclass_add_device(devclass_t dc, device_t dev)
PDEBUG(("%s in devclass %s", DEVICENAME(dev), DEVCLANAME(dc)));
buflen = snprintf(NULL, 0, "%s%d$", dc->name, dev->unit);
buflen = snprintf(NULL, 0, "%s%d$", dc->name, INT_MAX);
if (buflen < 0)
return (ENOMEM);
dev->nameunit = malloc(buflen, M_BUS, M_NOWAIT|M_ZERO);