Bug #2658: scf_get_bootconfig will indirectly stomp caller memory - illumos gate - illumos

Actions

Copy link

Bug #2658

closed

scf_get_bootconfig will indirectly stomp caller memory

Added by Rich Lowe about 11 years ago. Updated about 11 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Rich Lowe

Category:

lib - userland libraries

Start date:

2012-04-27

Due date:

% Done:

100%

Estimated time:

Difficulty:

Medium

Tags:

Gerrit CR:

External Bug:

Description

When scf_read_propvec() is given a propvec_t with pv_aux set, and a boolean type it writes the result pointer as a uint64_t with the bits marked by pv_aux set to 1.

scf_get_boot_config passes a uint8_t from the caller, leading either to stomping 7 extra bytes or an alignment trap depending on platform and caller.

We should keep a uint64_t in scf_get_boot_config for scf_read_propvec to write, then return the low 8 of that.

Actions

Copy link

Updated by Rich Lowe about 11 years ago

Status changed from New to In Progress

Actions

Copy link

Updated by Rich Lowe about 11 years ago

Status changed from In Progress to Resolved
% Done changed from 80 to 100

Resolved in r13678 commit:8f2b5c7a4c80

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

illumos gate

Custom queries

Bug #2658

scf_get_bootconfig will indirectly stomp caller memory

Updated by Rich Lowe about 11 years ago

Updated by Rich Lowe about 11 years ago