buffer overrun in rtems_rfs_bitmap_create_search()
Walter Lee
waltl at google.com
Wed May 30 17:24:38 UTC 2018
Hi. I am encountering a buffer overrun in
rtems_rfs_bitmap_create_search(). It seems that whenever the bitmap
uses the last bit of its search_map (i.e. (control->size + 31) % 32 ==
32)), the loop will write to the word one beyond the end of
search_map.
I filed a bug at https://devel.rtems.org/ticket/3439, with a patch
that fixes the problem.
Please let me know if I'm missing something, and if not what I need to
do to get this fixed.
Thanks,
Walter
More information about the devel
mailing list