MacOS/iOS kernel heap overflow due to lack of lower size check in getvolattrlist(CVE-2018-4243)

getvolattrlist takes a user controlled bufferSize argument via the fgetattrlist syscall. When allocating a kernel buffer to serialize the attr list to there's the following comment: / Allocate a target buffer for attribute results. Note that since we won't ever copy out more than the caller...