diff options
| author | Olivier Certner <olce@FreeBSD.org> | 2026-02-04 13:04:20 +0000 |
|---|---|---|
| committer | Olivier Certner <olce@FreeBSD.org> | 2026-02-10 16:50:27 +0000 |
| commit | 7e5f4bb3a1c999d1893528faa75559f37365de47 (patch) | |
| tree | dc7e74af3ee2fcceda57fb83782f2dd48027b8af | |
| parent | 1224347817c450596797ae6bcbfcc81927cb1f88 (diff) | |
kernel dump: dumpsys_gen_pa_next(): Fix "no more chunks" condition detection
In the (improbable) cases where either:
- All entries in dump_map[] are used, so there is no guard entry filled with zeros.
- Some dump region has size 0.
We would respectively access dump_map[] out-of-bounds or omit further
dump regions when iterating.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
| -rw-r--r-- | sys/kern/kern_dump.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/kern/kern_dump.c b/sys/kern/kern_dump.c index 67c5844013be..f1354157abf1 100644 --- a/sys/kern/kern_dump.c +++ b/sys/kern/kern_dump.c @@ -82,7 +82,8 @@ dumpsys_gen_pa_next(struct dump_pa *mdp) return (&dump_map[0]); mdp++; - if (mdp->pa_size == 0) + if (mdp - dump_map >= nitems(dump_map) || + (mdp->pa_start == 0 && mdp->pa_size == 0)) mdp = NULL; return (mdp); } |