DragonFlyBSD Kernel Audit
DF-0152

preload_dump_internal termination check weaker than other walkers; huge len advances pointer

Summary

preload_dump_internal loops with while (bptr[0] != MODINFO_END), so it checks only the type word and omits the {0,0} double-check that the other walkers perform. A record with len=0xFFFFFFFF gives roundup(0xFFFFFFFF,8)/4 = 0x40000000 words, so bptr jumps ~4GB. The result is an OOB read or panic, reachable via the debug.dump_modinfo sysctl.
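
A bounded walker that addresses both points in the summary, written as an added user-space example and not taken from the DragonFlyBSD source. It assumes each record is two 32-bit header words {type, len} followed by len bytes padded to 8; walk_modinfo_checked, modinfo_data_words and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODINFO_END 0x0000u   /* terminator type word, as named on the page */
#define NWORDS(a)   (sizeof(a) / sizeof((a)[0]))

/* roundup(len, 8) / 4, done in 64 bits so 0xFFFFFFFF cannot wrap to 0. */
static uint64_t modinfo_data_words(uint32_t len)
{
    return (((uint64_t)len + 7u) & ~(uint64_t)7u) / 4u;
}

/* Assumed layout: { type, len } header words, then len bytes padded to 8.
 * Returns the record count, or -1 if a record overruns the buffer or no
 * {0,0} terminator is found inside it. */
static int walk_modinfo_checked(const uint32_t *buf, size_t nwords)
{
    size_t off = 0;
    int count = 0;

    while (nwords - off >= 2) {
        uint32_t type = buf[off], len = buf[off + 1];
        uint64_t dw = modinfo_data_words(len);

        if (type == MODINFO_END && len == 0)
            return count;              /* double-checked terminator */
        if (dw > nwords - off - 2)
            return -1;                 /* len exceeds what is left */
        off += 2 + (size_t)dw;
        count++;
    }
    return -1;                         /* ran off the end, no terminator */
}

/* Constructed sample buffers, not real loader metadata. */
static const uint32_t good_buf[] = { 1, 4, 0x41414141u, 0,  2, 8, 1, 2,  0, 0 };
static const uint32_t bad_buf[]  = { 1, 0xFFFFFFFFu, 0, 0, 0, 0 };

int main(void)
{
    printf("good: %d\n", walk_modinfo_checked(good_buf, NWORDS(good_buf)));
    printf("bad:  %d\n", walk_modinfo_checked(bad_buf, NWORDS(bad_buf)));
    printf("words for 0xFFFFFFFF: 0x%llx\n",
           (unsigned long long)modinfo_data_words(0xFFFFFFFFu));
    return 0;
}
```

The walker needs the total size of the metadata region as an input, since the length check has nothing to compare against otherwise.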