DragonFlyBSD Kernel Audit
DF-0440

red_pkttime computed as int64 then stored into int: truncation/overflow for jumbo MTU or low m2

Summary

altq_hfsc.c (:451-460): red_pkttime is declared int (:433) but is assigned (int64_t)if_mtu*1000*1000*1000/(m2/8) (:454-455). With a jumbo MTU of 9000 and m2=8 the result is 9e12, far above INT_MAX, so the narrowing store truncates it to a garbage or negative value, which is then passed to red_alloc. The path is gated by ALTQ_RED and HFCF_RED, both privileged. This affects shaping correctness, not security.
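The narrowing described above, reproduced in user space as an added example (not code from altq_hfsc.c). The function names are hypothetical, and the m2 < 8 guard and the saturating clamp are this example's assumptions about one possible fix, not the kernel's code.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* The expression from the finding, kept in 64 bits.
 * Assumption: the m2 < 8 guard is this example's own, so that
 * m2/8 can never be zero in the divisor. */
static int64_t pkttime_wide(uint32_t if_mtu, uint64_t m2)
{
    if (m2 < 8)
        return 1000LL * 1000 * 1000;
    return (int64_t)if_mtu * 1000 * 1000 * 1000 / (int64_t)(m2 / 8);
}

/* The store the finding describes: a 64-bit result placed in an int.
 * Out-of-range conversion is implementation-defined in C; common
 * compilers keep the low 32 bits. */
static int pkttime_narrowed(uint32_t if_mtu, uint64_t m2)
{
    return (int)pkttime_wide(if_mtu, m2);
}

/* Assumed mitigation: saturate to the range an int can hold before
 * the value is handed on (red_alloc in the finding). */
static int pkttime_clamped(uint32_t if_mtu, uint64_t m2)
{
    int64_t t = pkttime_wide(if_mtu, m2);

    if (t > INT_MAX)
        return INT_MAX;
    if (t < 1)
        return 1;
    return (int)t;
}

int main(void)
{
    /* Constructed inputs: the finding's jumbo case and a 1 Gbit/s case. */
    printf("mtu=9000 m2=8:   wide=%lld narrowed=%d clamped=%d\n",
           (long long)pkttime_wide(9000, 8),
           pkttime_narrowed(9000, 8), pkttime_clamped(9000, 8));
    printf("mtu=1500 m2=1e9: wide=%lld narrowed=%d clamped=%d\n",
           (long long)pkttime_wide(1500, 1000000000ULL),
           pkttime_narrowed(1500, 1000000000ULL),
           pkttime_clamped(1500, 1000000000ULL));
    return 0;
}
```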