Shawn Webb shawn.webb at hardenedbsd.org wrote on Mon Sep 3 17:41:17 UTC 2018:

> I'm unsure whether this is a false positive or true positive, but it
> looks like there may be a buffer overflow in swapoff_one:
>
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] REDZONE: Buffer overflow detected. 16 bytes corrupted after 0xfffffe1fe0023248 (2237000 bytes allocated).
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] Allocation backtrace:
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #0 0xffffffff80e188e1 at redzone_setup+0xe1
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #1 0xffffffff80ac8007 at malloc+0x1d7
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #2 0xffffffff80b1f449 at blist_create+0x99
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #3 0xffffffff80e1daa7 at swaponsomething+0xe7
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #4 0xffffffff80e1c233 at sys_swapon+0x413
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #5 0xffffffff80fc0e5e at amd64_syscall+0x29e
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #6 0xffffffff80f9dc9d at fast_syscall_common+0x101
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] Free backtrace:
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #0 0xffffffff80e18c28 at redzone_check+0x2f8
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #1 0xffffffff80ac85af at free_dbg+0x5f
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #2 0xffffffff80ac84aa at free+0x1a
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #3 0xffffffff80e1cae5 at swapoff_one+0x675
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #4 0xffffffff80e1cc57 at swapoff_all+0xd7
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #5 0xffffffff80b9991a at bufshutdown+0x2ca
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #6 0xffffffff80aec36e at kern_reboot+0x21e
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #7 0xffffffff80aec0f9 at sys_reboot+0x3a9
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #8 0xffffffff80fc0e5e at amd64_syscall+0x29e
> Sep 3 13:13:13 hbsd-dev-laptop kernel: [619] #9 0xffffffff80f9dc9d at fast_syscall_common+0x101

See:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231116

for "Out of bounds memory access in blist_create()" with a
Mark Johnston patch in Comment #2.

===
Mark Millard
marklmi at yahoo.com
( dsl-only.net went away in
early 2018-Mar)