In moduledir_readhints() cast the value returned by sizeof() to ssize_t

when checking whether it's greater than a struct stat st_size in order to also catch the case when st_size is -1. Previously this check didn't trigger on sparc64 when st_size is -1 (as it's the case for a file on a bzipfs, TFTP server etc.), causing the content of the linker hints file to be copied to memory referenced by a null-pointer. PR: 91231 MFC after: 1 week
author: marius <marius@FreeBSD.org> 2006-01-12 13:18:49 +0000
committer: marius <marius@FreeBSD.org> 2006-01-12 13:18:49 +0000
commit: c40cc2b1b305d7e282dde753dd287f27dee361f9 (patch)
tree: 0f44309cf05941140128f17ab9c0bd112052eee3 /sys/boot
parent: 402d4e2682da8d6457b915d4c089122644940011 (diff)
download: FreeBSD-src-c40cc2b1b305d7e282dde753dd287f27dee361f9.zip
FreeBSD-src-c40cc2b1b305d7e282dde753dd287f27dee361f9.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/boot/common/module.c b/sys/boot/common/module.c
index ae93426..adeb1b8 100644
--- a/sys/boot/common/module.c
+++ b/sys/boot/common/module.c
@@ -864,7 +864,8 @@ moduledir_readhints(struct moduledir *mdp)
     if (mdp->d_hints != NULL || (mdp->d_flags & MDIR_NOHINTS))
 	return;
     path = moduledir_fullpath(mdp, "linker.hints");
-    if (stat(path, &st) != 0 || st.st_size < (sizeof(version) + sizeof(int)) ||
+    if (stat(path, &st) != 0 ||
+	st.st_size < (ssize_t)(sizeof(version) + sizeof(int)) ||
 	st.st_size > 100 * 1024 || (fd = open(path, O_RDONLY)) < 0) {
 	free(path);
 	mdp->d_flags |= MDIR_NOHINTS;
author	marius <marius@FreeBSD.org>	2006-01-12 13:18:49 +0000
committer	marius <marius@FreeBSD.org>	2006-01-12 13:18:49 +0000
commit	c40cc2b1b305d7e282dde753dd287f27dee361f9 (patch)
tree	0f44309cf05941140128f17ab9c0bd112052eee3 /sys/boot
parent	402d4e2682da8d6457b915d4c089122644940011 (diff)
download	FreeBSD-src-c40cc2b1b305d7e282dde753dd287f27dee361f9.zip FreeBSD-src-c40cc2b1b305d7e282dde753dd287f27dee361f9.tar.gz