[haiku-bugs] Re: [Haiku] #10259: CDDA-related KDL: ASCII string corrupts kernel structures

  • From: "ttcoder" <trac@xxxxxxxxxxxx>
  • Date: Wed, 08 Jan 2014 21:08:13 -0000

#10259: CDDA-related KDL: ASCII string corrupts kernel structures
---------------------------------+----------------------------
   Reporter:  ttcoder            |      Owner:  axeld
       Type:  bug                |     Status:  assigned
   Priority:  normal             |  Milestone:  R1
  Component:  File Systems/cdda  |    Version:  R1/Development
 Resolution:                     |   Keywords:
 Blocked By:                     |   Blocking:
Has a Patch:  0                  |   Platform:  All
---------------------------------+----------------------------

Comment (by ttcoder):

 Not a direct answer to Ingo's kernelland question, but I just noticed this
 GCI student ticket about a vulnerability in `StartWatching()`:...

 ticket:10383

 ... reporting that in a certain error case a method may be called on a
 deleted object like thus:

 {{{
 watcher->Insert(handler);
 }}}

 Even assuming that this is the same StartWatching() that is accessible
 from applications including mine, I'm probably going out on a limb when
 wondering if the above userland call to `BOpenHashTable::Insert()` on a
 `delete`d object could be able to trigger a kernelland crash (due to long
 word 0x54202d40 being written in the wrong place) later...

 But since a hash table typically deals with ASCII strings, and a hashed
 ASCII string seems to be written in the wrong place in the above case (?),
 and my KDL is about an ASCII string being accessed instead of a pointer,
 well -- I figured I'd better ask :-)

--
Ticket URL: <http://dev.haiku-os.org/ticket/10259#comment:9>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
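An added illustration of the reasoning in the comment above (example code, not from the ticket or from Haiku's sources): when a freed object's memory is reused for a string, its pointer field reads back as printable ASCII, and a KDL value such as 0x54202d40 can be checked for exactly that pattern. It assumes a little-endian x86 host; the sample string "@- TRACK" is constructed and is not the string from the actual crash.

```c
#include <stdint.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* Decode a 32-bit word as it sits in memory on a little-endian machine and
 * report whether all four bytes are printable ASCII. `text` receives the
 * characters in memory order, NUL-terminated. */
int word_is_ascii(uint32_t word, char text[5]) {
    int printable = 1;
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(word >> (8 * i));
        text[i] = (char)b;
        if (!isprint(b)) printable = 0;
    }
    text[4] = '\0';
    return printable;
}

/* Simulated object whose first field is a pointer (like a hash-table node). */
struct node { struct node *next; int value; };

/* Model of use-after-free: the node is "deleted", its chunk is reused for a
 * string copy, and code holding a stale pointer then reads `next`. Returns the
 * low 32 bits of that field, assembled little-endian from memory order. */
uint32_t stale_pointer_field(const char *text) {
    static unsigned char chunk[sizeof(struct node)]; /* constructed stand-in for a heap chunk */
    memset(chunk, 0, sizeof(chunk));
    struct node *n = (struct node *)chunk;
    n->next = NULL;                                  /* object is valid here */
    /* ... delete n; the allocator hands the same chunk to a string buffer ... */
    size_t len = strlen(text);
    memcpy(chunk, text, len < sizeof(chunk) ? len : sizeof(chunk));
    unsigned char raw[4];
    memcpy(raw, &n->next, sizeof(raw));              /* read through the stale pointer */
    return (uint32_t)raw[0] | ((uint32_t)raw[1] << 8) |
           ((uint32_t)raw[2] << 16) | ((uint32_t)raw[3] << 24);
}

int main(void) {
    char text[5];
    uint32_t field = stale_pointer_field("@- TRACK");
    printf("pointer field reads 0x%08x, ascii=%d \"%s\"\n",
           field, word_is_ascii(field, text), text);
    return 0;
}
```

Seeing a fault address or register value that decodes to printable text is the quick check that a string overwrote a pointer, which is what the ticket's 0x54202d40 looks like.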
