DragonFlyBSD Kernel Audit
DF-0538

Type-confused stack buffer: char *addrbuf[NG_HOOKSIZ+4] is pointer array not byte array

Summary

Line 981: char *addrbuf[NG_HOOKSIZ+4] declares an array of NG_HOOKSIZ+4 char pointers, i.e. 36 * sizeof(char *) = 288 bytes on amd64, rather than the intended char addrbuf[NG_HOOKSIZ+4] of 36 bytes. The buffer is then cast to struct sockaddr_ng and filled byte-wise. This is currently harmless, since the over-allocation only makes the buffer larger, but it wastes 252 bytes of stack. It is a latent footgun: any future change that relies on sizeof(addrbuf) == NG_HOOKSIZ+4 will be silently wrong (for example, a copy or a wire-format length derived from sizeof(addrbuf) would use 288 instead of 36). Fix: declare char addrbuf[NG_HOOKSIZ+4], dropping the *.
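The following is an added illustration, not code from DragonFlyBSD or from the audited file. It reproduces both declarations side by side, computes the sizeof difference the finding describes, and shows how a sizeof-derived copy length would overrun a correctly sized 36-byte destination. NG_HOOKSIZ is defined locally as 32 (an assumption chosen so that NG_HOOKSIZ+4 == 36, matching the finding); the overflow check and the _Static_assert on the fixed declaration are this example's own, not the kernel's.

```c
#include <stddef.h>
#include <stdio.h>

/* Local stand-in for netgraph's NG_HOOKSIZ. Assumption: 32, which gives the
 * NG_HOOKSIZ + 4 == 36 figure used in the finding. */
#define NG_HOOKSIZ 32

/* The declaration as audited: an array of 36 char POINTERS. On LP64 (amd64)
 * sizeof(char *) == 8, so this occupies 288 bytes of stack. */
size_t pointer_array_bytes(void)
{
    char *addrbuf[NG_HOOKSIZ + 4];
    (void)addrbuf;                  /* only its size is of interest here */
    return sizeof(addrbuf);         /* 36 * sizeof(char *) */
}

/* The intended declaration: an array of 36 bytes. A compile-time check
 * pins the size so a later edit cannot silently change it again. */
size_t char_array_bytes(void)
{
    char addrbuf[NG_HOOKSIZ + 4];
    _Static_assert(sizeof(addrbuf) == NG_HOOKSIZ + 4,
                   "addrbuf must be exactly NG_HOOKSIZ + 4 bytes");
    (void)addrbuf;
    return sizeof(addrbuf);         /* 36 */
}

/* Stack wasted by the pointer-array declaration relative to the byte array
 * (252 bytes on amd64). */
size_t stack_waste_bytes(void)
{
    return pointer_array_bytes() - char_array_bytes();
}

/* Returns 1 when copying src_len bytes (e.g. sizeof(addrbuf)) into a
 * destination of dst_size bytes would overrun it. This is the latent
 * footgun: a refactor that does memcpy(dst, addrbuf, sizeof(addrbuf))
 * into a 36-byte dst is fine with the byte array and an overflow with
 * the pointer array. */
int copy_would_overflow(size_t src_len, size_t dst_size)
{
    return src_len > dst_size;
}

int main(void)
{
    size_t ptr_sz = pointer_array_bytes();
    size_t chr_sz = char_array_bytes();

    printf("char *addrbuf[%d] : %zu bytes\n", NG_HOOKSIZ + 4, ptr_sz);
    printf("char  addrbuf[%d] : %zu bytes\n", NG_HOOKSIZ + 4, chr_sz);
    printf("stack wasted       : %zu bytes\n", stack_waste_bytes());
    printf("sizeof-based copy into 36-byte dst overflows? pointer array: %d, byte array: %d\n",
           copy_would_overflow(ptr_sz, NG_HOOKSIZ + 4),
           copy_would_overflow(chr_sz, NG_HOOKSIZ + 4));
    return 0;
}
```

The _Static_assert in char_array_bytes is the cheap guard a maintainer would add next to the fixed declaration: it costs nothing at runtime and turns a repeat of this type confusion into a build failure rather than a silent 288-byte buffer.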