[RTEMS Project] #3439: buffer overflow in rtems_rfs_bitmap_create_search()
RTEMS trac
trac at rtems.org
Wed May 30 17:12:49 UTC 2018
#3439: buffer overflow in rtems_rfs_bitmap_create_search()
---------------------+--------------------
Reporter: waltl | Owner: (none)
Type: defect | Status: new
Priority: normal | Milestone:
Component: admin | Version:
Severity: normal | Keywords:
Blocked By: | Blocking:
---------------------+--------------------
I am encountering a buffer overrun in rtems_rfs_bitmap_create_search().
It seems that whenever the bitmap uses the last bit of its search_map
(i.e. (control->size + 31) % 32 == 32)), the loop will write to the word
one beyond the end of search_map.
Attached is a simple patch that fixes the problem.
--
Ticket URL: <http://devel.rtems.org/ticket/3439>
RTEMS Project <http://www.rtems.org/>
RTEMS Project
More information about the bugs
mailing list