DragonFlyBSD Kernel Audit
← dashboard
DF-0461

Potential signed integer overflow in kern_load burst-adaptation math

Summary

Line :1019 kern_load=(kern_load*pollhz)/10000 both int32. pollhz up to 30049. Mul overflows int when single poll cycle >71ms (the very stall scenario iopoll_clock detects). Signed int overflow UB. Wrong burst direction only. No memory corruption. Not attacker-controlled. Fix: cast int64 before mul.