DragonFlyBSD Kernel Audit
← dashboard
DF-0160

xio_init_kbuf silently truncates when kbytes exceeds XIO_INTERNAL_SIZE

Summary

Load loop bounded i<XIO_INTERNAL_PAGES(:113). If kbytes>XIO_INTERNAL_SIZE, loop exits with xio_error=0 but xio_bytes reflects truncated page count not requested kbytes. Caller trusting original kbytes overruns own buffer.