K 10
svn:author
V 3
mav
K 8
svn:date
V 27
2018-12-14T14:44:38.453089Z
K 7
svn:log
V 657
MFC r341705: Fix several iov handling bugs in bhyve virtio-scsi backend.

 - buf_to_iov() does not use buflen parameter, allowing out of bound read.
 - buf_to_iov() leaks memory if seek argument > 0.
 - iov_to_buf() doesn't need to reallocate buffer for every segment.
 - there is no point to use size_t for iov counts, int is more then enough.
 - some iov function arguments can be constified.
 - pci_vtscsi_request_handle() used truncate_iov() incorrectly, allowing
   getting out of buffer and possibly corrupting data.
 - pci_vtscsi_controlq_notify() written returned status at wrong offset.
 - pci_vtscsi_controlq_notify() leaked one buffer per event.

END