Bug 229665 - src/sys/netpfil/ipfw/ip_fw_sockopt.c:304: possible bad size in malloc ?
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Andrey V. Elsukov
Reported: 2018-07-10 06:50 UTC by David Binderman
Modified: 2018-07-19 07:31 UTC
Description David Binderman 2018-07-10 06:50:32 UTC
src/sys/netpfil/ipfw/ip_fw_sockopt.c:304]: (warning) Size of pointer 'idxmap' used instead of size of its data.

Source code is

        int *idxmap, *idxmap_back;

        idxmap = malloc(65536 * sizeof(uint32_t *), M_IPFW,
            M_WAITOK | M_ZERO);
        idxmap_back = malloc(65536 * sizeof(uint32_t *), M_IPFW,
            M_WAITOK | M_ZERO);

maybe better code

        int *idxmap, *idxmap_back;

        idxmap = malloc(65536 * sizeof(int), M_IPFW,
            M_WAITOK | M_ZERO);
        idxmap_back = malloc(65536 * sizeof(int), M_IPFW,
            M_WAITOK | M_ZERO);
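
The size mismatch reported above, as an added example that is not part of the bug report or of FreeBSD: a userland C model that takes the element size from the pointer being assigned and refuses a wrapping multiplication. It goes beyond the reported case by also showing the direction in which sizing by a pointer type under-allocates; calloc() standing in for malloc(9) with M_ZERO, and the names array_bytes, checked_alloc, ALLOC_ARRAY and struct wide, are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SKIPTO_SLOTS 65536u	/* array length from the report */

/* n * elem without wrapping: 0 on success, -1 on overflow. */
static int array_bytes(size_t n, size_t elem, size_t *out)
{
	if (elem != 0 && n > SIZE_MAX / elem)
		return (-1);
	*out = n * elem;
	return (0);
}

/* Userland stand-in for malloc(9) with M_ZERO (assumption of this example). */
static void *checked_alloc(size_t n, size_t elem)
{
	size_t bytes;

	if (array_bytes(n, elem, &bytes) != 0)
		return (NULL);
	return (calloc(1, bytes));
}

/* Element size is taken from the pointer itself, so it tracks the declared type. */
#define ALLOC_ARRAY(p, n) ((p) = checked_alloc((n), sizeof(*(p))))

/* What the reported code requested vs. what an int array needs. */
static size_t reported_bytes(void) { return (SKIPTO_SLOTS * sizeof(uint32_t *)); }
static size_t needed_bytes(void) { return (SKIPTO_SLOTS * sizeof(int)); }

/* Hypothetical wide element: sizing by pointer here would under-allocate. */
struct wide { uint64_t a, b, c; };
static int pointer_size_underallocates(void) { return (sizeof(struct wide *) < sizeof(struct wide)); }

int main(void)
{
	int *idxmap;

	if (ALLOC_ARRAY(idxmap, SKIPTO_SLOTS) == NULL)
		return (1);
	idxmap[SKIPTO_SLOTS - 1] = 1;	/* last slot is in bounds */
	printf("reported=%zu needed=%zu wide-short=%d\n", reported_bytes(),
	    needed_bytes(), pointer_size_underallocates());
	free(idxmap);
	return (0);
}
```

Where a pointer is wider than int, the reported expression requests more memory than the int array needs; with an element wider than a pointer, the same mistake produces a buffer that is too small.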
Comment 1 Andrey V. Elsukov freebsd_committer freebsd_triage 2018-07-11 18:09:05 UTC
The proposed patch looks correct to me, I'll test it a bit later and commit, thanks!
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-07-12 11:39:01 UTC
A commit references this bug:

Author: ae
Date: Thu Jul 12 11:38:18 UTC 2018
New revision: 336219
URL: https://svnweb.freebsd.org/changeset/base/336219

Log:
  Use correct size when we are allocating array for skipto index.

  Also, there is no need to use M_ZERO for idxmap_back. It will be
  re-filled just after allocation in update_skipto_cache().

  PR:		229665
  MFC after:	1 week

Changes:
  head/sys/netpfil/ipfw/ip_fw_sockopt.c
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-07-19 07:31:13 UTC
A commit references this bug:

Author: ae
Date: Thu Jul 19 07:30:19 UTC 2018
New revision: 336468
URL: https://svnweb.freebsd.org/changeset/base/336468

Log:
  MFC r336219:
    Use correct size when we are allocating array for skipto index.

    Also, there is no need to use M_ZERO for idxmap_back. It will be
    re-filled just after allocation in update_skipto_cache().

    PR:		229665

Changes:
_U  stable/11/
  stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c
Comment 4 Andrey V. Elsukov freebsd_committer freebsd_triage 2018-07-19 07:31:51 UTC
Fixed in head/ and stable/11. Thanks!