DragonFlyBSD Kernel Audit
DF-0228

hdr_lba_table (uint64) read via le32toh() -> silent 64-to-32 truncation

Summary

gpt->hdr_lba_table is a uint64_t. subr_diskgpt.c:133 converts it with le32toh() (which truncates to 32 bits on x86_64, endian.h:73) instead of le64toh(). On disks >=2TB the table LBA silently resolves to the wrong sector. With a crafted image, an attacker can redirect the GPT array read to an arbitrary sector. There is no kernel memory corruption, because the buffer is sized independently.
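The narrowing described above, modelled in user space as an added example (not DragonFlyBSD source). The `demo_*` names and the one-field struct are hypothetical stand-ins, a little-endian host is assumed, and the sample LBAs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for le32toh()/le64toh() on a little-endian host
 * (assumption): no byte swap, only the parameter width differs. */
static uint32_t demo_le32toh(uint32_t v) { return v; }
static uint64_t demo_le64toh(uint64_t v) { return v; }

/* Minimal model of the one header field involved; not the kernel's struct. */
struct demo_gpt_hdr {
    uint64_t hdr_lba_table;   /* LBA of the partition entry array */
};

/* Pattern from the finding: the 64-bit field is narrowed to uint32_t at the
 * call, so bits 32..63 are dropped without any diagnostic. */
static uint64_t table_lba_truncating(const struct demo_gpt_hdr *h)
{
    return demo_le32toh(h->hdr_lba_table);
}

/* Width-correct read of the same field. */
static uint64_t table_lba_full(const struct demo_gpt_hdr *h)
{
    return demo_le64toh(h->hdr_lba_table);
}

/* Returns 1 when the two reads disagree, i.e. the LBA needs more than 32 bits. */
static int table_lba_is_misread(const struct demo_gpt_hdr *h)
{
    return table_lba_truncating(h) != table_lba_full(h);
}

int main(void)
{
    /* Constructed sample values, not taken from a real disk. */
    const uint64_t samples[] = {
        2,               /* low LBA: both reads agree */
        0xFFFFFFFFULL,   /* largest LBA that survives the narrowing */
        0x100000000ULL,  /* 2^32 (2 TiB at 512-byte sectors): reads as 0 */
        0x1D1C0BEAFULL,  /* high LBA: reads as 0xD1C0BEAF */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct demo_gpt_hdr h = { samples[i] };
        printf("on-disk %#llx  le32toh %#llx  le64toh %#llx  misread=%d\n",
               (unsigned long long)samples[i],
               (unsigned long long)table_lba_truncating(&h),
               (unsigned long long)table_lba_full(&h),
               table_lba_is_misread(&h));
    }
    return 0;
}
```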