DragonFlyBSD Kernel Audit
← dashboard
DF-0232

SIOCSPGRP invokes fsetown(-INT_MIN) -> signed-overflow UB on attacker-controlled value

Summary

SIOCSPGRP(:164) fsetown(-(*(int*)data),...). User-controlled value INT_MIN -> -INT_MIN is signed overflow UB. gcc x86_64: benign (ESRCH). Compiler entitled to assume !=INT_MIN. Same antipattern in sys_pipe.c/bpf.c/tap/tun/log. Unpriv via socket fd.