DragonFlyBSD/src 30a075b — sys/dev/sound/midi midi.c
kernel - Rejigger midistat functions to close a race * Make sure lock has full coverage across midistat_open() and midistat_read(). The temporary drop of the lock in midistat_read() lead to a race which allows one to read kernel memory beyond the end of the sbuf buffer. * Rejigger the code to remove the global offset and just use uio_offset, which also fixes the same race (but leave the lock coverage in place regardless). Taken-From: FreeBSD Security: CVE-2019-5612
Delta | File | |
---|---|---|
+14 | -18 | sys/dev/sound/midi/midi.c |
+14 | -18 | 1 files |