DragonFlyBSD Kernel Audit
DF-0251

PC_TO_INDEX u_quad_t overflow on 64-bit (correctness only, bounds check prevents OOB)

Summary

PC_TO_INDEX (:86-88) computes (pc - pr_off) * pr_scale >> 16 in u_quad_t. pr_scale can be as large as 0x10000 (the check at :59 allows exactly that value). With a 64-bit pc, the product (pc - pr_off) * pr_scale can exceed 64 bits and wrap, and the subsequent cast of the result to int is implementation-defined. The effect is that profiling samples are credited to the wrong buckets. However, the i >= pr_size check (:110, :136) rejects any index past the end of the buffer, so no out-of-bounds write is possible. Correctness issue only.
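The following is an added illustration written for this note, not code from the DragonFlyBSD tree. It reconstructs the macro's arithmetic from the description above (the struct layout, field types, and the `add_sample_*` wrappers are assumptions standing in for the kernel's profiling path), shows how a far-away 64-bit pc wraps into an in-bounds but wrong bucket at pr_scale 0x10000, shows the i >= pr_size guard stopping the genuinely out-of-range case, and places a checked variant beside it that rejects the sample when the multiplication overflows.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's u_quad_t (64-bit unsigned on LP64). */
typedef uint64_t u_quad_t;

/* Minimal profiling state: only the fields the finding names (assumed layout). */
struct uprof {
    uint64_t  pr_off;   /* start of the profiled text range */
    u_quad_t  pr_scale; /* 16.16 fixed-point scale, at most 0x10000 */
    size_t    pr_size;  /* number of sample buckets in pr_base */
    uint32_t *pr_base;  /* sample buckets (constructed below) */
};

/*
 * Reconstruction of the macro's arithmetic as described in the finding:
 * (pc - pr_off) * pr_scale >> 16, evaluated in u_quad_t. With a 64-bit pc
 * the product can exceed 2^64 and silently wrap. The index is kept as
 * u_quad_t here rather than cast to int, so the wrap is the only effect shown.
 */
static u_quad_t pc_to_index_wrapping(uint64_t pc, const struct uprof *prof)
{
    return ((u_quad_t)(pc - prof->pr_off) * prof->pr_scale) >> 16;
}

/* Same computation, but the overflow is detected instead of wrapped. */
static bool pc_to_index_checked(uint64_t pc, const struct uprof *prof,
                                u_quad_t *index)
{
    u_quad_t product;
    if (__builtin_mul_overflow((u_quad_t)(pc - prof->pr_off),
                               prof->pr_scale, &product))
        return false;           /* product does not fit in 64 bits */
    *index = product >> 16;
    return true;
}

/* Mirrors the sample path: index, then the i >= pr_size guard.
 * Returns the bucket that was incremented, or -1 if the sample was dropped. */
static long add_sample_wrapping(uint64_t pc, struct uprof *prof)
{
    u_quad_t i = pc_to_index_wrapping(pc, prof);
    if (i >= prof->pr_size)
        return -1;              /* this guard is what keeps the write in bounds */
    prof->pr_base[i]++;
    return (long)i;
}

static long add_sample_checked(uint64_t pc, struct uprof *prof)
{
    u_quad_t i;
    if (!pc_to_index_checked(pc, prof, &i) || i >= prof->pr_size)
        return -1;              /* overflow or out of range: drop the sample */
    prof->pr_base[i]++;
    return (long)i;
}

/* Constructed fixture: 4096 buckets, arbitrary pr_off, pr_scale at the
 * maximum 0x10000. 'delta' is the distance of the sampled pc from pr_off. */
#define DEMO_BUCKETS 4096
#define DEMO_OFF     ((uint64_t)0x400000)

static long run_sample(uint64_t delta, bool checked)
{
    static uint32_t buckets[DEMO_BUCKETS];
    struct uprof prof = { DEMO_OFF, 0x10000, DEMO_BUCKETS, buckets };
    uint64_t pc = DEMO_OFF + delta;
    return checked ? add_sample_checked(pc, &prof)
                   : add_sample_wrapping(pc, &prof);
}

int main(void)
{
    /* Nearby pc: both variants agree on bucket 0x100. */
    printf("delta 0x100        wrapping=%ld checked=%ld\n",
           run_sample(0x100, false), run_sample(0x100, true));
    /* pc 2^40 away: no wrap, index 2^40 >= pr_size, guard drops it. */
    printf("delta 2^40         wrapping=%ld checked=%ld\n",
           run_sample(1ULL << 40, false), run_sample(1ULL << 40, true));
    /* pc 2^48+0x20 away: product wraps to 0x200000, lands in bucket 0x20. */
    printf("delta 2^48+0x20    wrapping=%ld checked=%ld\n",
           run_sample((1ULL << 48) + 0x20, false),
           run_sample((1ULL << 48) + 0x20, true));
    return 0;
}
```

The third case is the finding in one line: the wrapped product is small, passes the pr_size guard, and increments bucket 0x20, so the write stays inside pr_base but the histogram is wrong. The checked variant returns -1 for that sample instead. Built with GCC or Clang for `__builtin_mul_overflow`.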