DragonFlyBSD Kernel Audit
DF-0122

kgetenv_quad signed-shift overflow on magnitude-suffixed values

Summary

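kgetenv_quad (:436-457) left-shifts an int64_t by 10 per K/M/G/T suffix with no overflow check. A value near INT64_MAX combined with a suffix produces signed overflow, which is undefined behavior (UB). The input is reachable only from boot-time loader.conf. Downstream consumers receive a value of wildly wrong magnitude.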
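
One way to bound-check the scaling before it happens, as an added user-space example that is not DragonFlyBSD's code. The helper name parse_quad_checked, its rejection of out-of-range results, and the sample strings are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Added example, not DragonFlyBSD source. parse_quad_checked() is a
 * hypothetical helper: returns 0 and stores the scaled value, or -1 on a
 * malformed string, unknown suffix, or a result outside int64_t.
 */
static int parse_quad_checked(const char *s, int64_t *out)
{
    char *end;
    long long v;
    int shift;

    errno = 0;
    v = strtoll(s, &end, 0);
    if (end == s || errno == ERANGE)
        return -1;
    switch (*end) {
    case 't': case 'T': shift = 40; break;
    case 'g': case 'G': shift = 30; break;
    case 'm': case 'M': shift = 20; break;
    case 'k': case 'K': shift = 10; break;
    case '\0':          shift = 0;  break;
    default:            return -1;
    }
    if (shift != 0 && end[1] != '\0')
        return -1;                  /* trailing characters after the suffix */

    /* Check the bound before scaling so the multiply cannot overflow. */
    int64_t mult = (int64_t)1 << shift;
    if (v > INT64_MAX / mult || v < INT64_MIN / mult)
        return -1;
    *out = (int64_t)v * mult;
    return 0;
}

int main(void)
{
    /* Constructed sample values in the style of loader.conf tunables. */
    const char *samples[] = { "64M", "9223372036854775807k" };
    int64_t v;
    for (int i = 0; i < 2; i++)
        printf("%s -> %s\n", samples[i],
            parse_quad_checked(samples[i], &v) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The comparison against INT64_MAX / mult and INT64_MIN / mult runs before any scaling, so the largest accepted K-suffixed input is 9007199254740991k and anything larger is rejected rather than wrapped.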