DragonFlyBSD Kernel Audit
← dashboard
DF-0211

No negative-size guard on ccmax in clist_alloc_cblocks

Summary

ccmax signed int never checked <0. kmalloc(ccmax*sizeof(short)) with negative ccmax -> huge size_t. M_INTWAIT no M_NULLOK -> panic. Callers pass clamped positive values. Hardening.