DragonFlyBSD Kernel Audit
← dashboard
DF-0208

No validation of negative length in clist_qtob/btoq/ndflush

Summary

clist_qtob(:127)/btoq(:193)/ndflush(:155) clamp upper bound but not lower. Negative n -> while(n)/--n runs away OOB. Current callers pass positive quantities. Latent.