summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkib <kib@FreeBSD.org>2013-11-20 19:41:00 +0000
committerkib <kib@FreeBSD.org>2013-11-20 19:41:00 +0000
commite4deb800b079b97862b81dea42b242508a899080 (patch)
treeac28ed25b5c3f8177eea0318478f31d4c8e1a1e8
parent54b247ccebdd24c78003d2d436c54bd68fa63a36 (diff)
downloadFreeBSD-src-e4deb800b079b97862b81dea42b242508a899080.zip
FreeBSD-src-e4deb800b079b97862b81dea42b242508a899080.tar.gz
Redo r258088 to avoid relying on signed arithmetic overflow, since
compiler interprets this as an undefined behaviour. Instead, ensure that the sum of uio_offset and uio_resid is below OFF_MAX using the operation which cannot overflow. Reported and tested by: pho Discussed with: bde Approved by: des (pseudofs maintainer) Sponsored by: The FreeBSD Foundation MFC after: 1 week
Diffstat
-rw-r--r--sys/fs/pseudofs/pseudofs_vnops.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c
index b6021b1..f00b4b2 100644
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@@ -616,8 +616,7 @@ pfs_read(struct vop_read_args *va)
struct proc *proc;
struct sbuf *sb = NULL;
int error, locked;
- off_t offset;
- ssize_t buflen, resid;
+ off_t buflen;
PFS_TRACE(("%s", pn->pn_name));
pfs_assert_not_owned(pn);
@@ -654,16 +653,12 @@ pfs_read(struct vop_read_args *va)
goto ret;
}
- resid = uio->uio_resid;
- offset = uio->uio_offset;
- buflen = offset + resid;
-
- /* beaucoup sanity checks so we don't ask for bogus allocation */
- if (resid < 0 || buflen < offset || buflen < resid ||
- buflen >= INT_MAX) {
+ if (uio->uio_resid < 0 || uio->uio_offset < 0 ||
+ uio->uio_resid > OFF_MAX - uio->uio_offset) {
error = EINVAL;
goto ret;
}
+ buflen = uio->uio_offset + uio->uio_resid;
if (buflen > MAXPHYS)
buflen = MAXPHYS;
OpenPOWER on IntegriCloud