diff options
| author | markj <markj@FreeBSD.org> | 2015-03-10 21:08:58 +0000 |
|---|---|---|
| committer | markj <markj@FreeBSD.org> | 2015-03-10 21:08:58 +0000 |
| commit | 564efa5c094daac4e86d36af51649ae394beb6af (patch) | |
| tree | 497deb9ebfb1fb58571dce83bb7707fd4d9fdaa7 /share/misc/committers-src.dot | |
| parent | 3b420f99116487a23eca39c21bac65a4bb32681d (diff) | |
| download | FreeBSD-src-564efa5c094daac4e86d36af51649ae394beb6af.zip FreeBSD-src-564efa5c094daac4e86d36af51649ae394beb6af.tar.gz | |
CTF containers use the ctf_dtoldid field as a threshold type index which
indicates the range of type indices which have been committed to the
container by ctf_update(). However, the top bit of the dtd_type field is
not part of the type index; rather, it is a flag used to indicate that the
corresponding CTF container is a parent. This is why the maximum CTF type
index is 2^15 - 1 rather than 2^16 - 1. Therefore, this flag must be masked
off (using the CTF_TYPE_TO_INDEX macro) when comparing a type index with the
ctf_dtoldid field of a container.
This bug was causing libctf to erroneously free committed type definitions
in ctf_discard(). libdtrace holds some references to such types, resulting
in a use-after-free.
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
Diffstat (limited to 'share/misc/committers-src.dot')
0 files changed, 0 insertions, 0 deletions
