buffer overrun in rtems_rfs_bitmap_create_search()
Gedare Bloom
gedare at rtems.org
Mon Jun 4 13:55:23 UTC 2018
Hello Walter,
Thank you for the bug report and patch. The patch is outdated, what
version of RTEMS are you using? I think the problem also affects the
master branch, but we need a ticket for each affected open branch.
The fix looks OK to me, but I'd like Chris Johns to approve it. I
assigned the ticket to him.
Gedare
On Wed, May 30, 2018 at 1:24 PM, Walter Lee <waltl at google.com> wrote:
> Hi. I am encountering a buffer overrun in
> rtems_rfs_bitmap_create_search(). It seems that whenever the bitmap
> uses the last bit of its search_map (i.e. (control->size + 31) % 32 ==
> 32)), the loop will write to the word one beyond the end of
> search_map.
>
> I filed a bug at https://devel.rtems.org/ticket/3439, with a patch
> that fixes the problem.
>
> Please let me know if I'm missing something, and if not what I need to
> do to get this fixed.
>
> Thanks,
>
> Walter
> _______________________________________________
> devel mailing list
> devel at rtems.org
> http://lists.rtems.org/mailman/listinfo/devel
More information about the devel
mailing list