Avoid a panic and return EINVAL instead.

Merge from UFS r232692: syscall() fuzzing can trigger this panic. MFC after: 3 days
author: pfg <pfg@FreeBSD.org> 2013-07-08 20:21:36 +0000
committer: pfg <pfg@FreeBSD.org> 2013-07-08 20:21:36 +0000
commit: c91c27e5e002f330c8ea26265679580b16e36b3b (patch)
tree: 4f83cb49299a92d90ccac804a5f7572d6c754bce /sys/fs/ext2fs
parent: c5bbe954c0e89cd657179842dc5df922c86ef8ba (diff)
download: FreeBSD-src-c91c27e5e002f330c8ea26265679580b16e36b3b.zip
FreeBSD-src-c91c27e5e002f330c8ea26265679580b16e36b3b.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/fs/ext2fs/ext2_vnops.c b/sys/fs/ext2fs/ext2_vnops.c
index 0041e12..dc71696 100644
--- a/sys/fs/ext2fs/ext2_vnops.c
+++ b/sys/fs/ext2fs/ext2_vnops.c
@@ -1598,11 +1598,11 @@ ext2_read(struct vop_read_args *ap)
 	} else if (vp->v_type != VREG && vp->v_type != VDIR)
 		panic("%s: type %d", "ext2_read", vp->v_type);
 #endif
+	if (uio->uio_resid < 0 || uio->uio_offset < 0)
+		return (EINVAL);
 	orig_resid = uio->uio_resid;
-	KASSERT(orig_resid >= 0, ("ext2_read: uio->uio_resid < 0"));
 	if (orig_resid == 0)
 		return (0);
-	KASSERT(uio->uio_offset >= 0, ("ext2_read: uio->uio_offset < 0"));
 	fs = ip->i_e2fs;
 	if (uio->uio_offset < ip->i_size &&
 	    uio->uio_offset >= fs->e2fs_maxfilesize)
author	pfg <pfg@FreeBSD.org>	2013-07-08 20:21:36 +0000
committer	pfg <pfg@FreeBSD.org>	2013-07-08 20:21:36 +0000
commit	c91c27e5e002f330c8ea26265679580b16e36b3b (patch)
tree	4f83cb49299a92d90ccac804a5f7572d6c754bce /sys/fs/ext2fs
parent	c5bbe954c0e89cd657179842dc5df922c86ef8ba (diff)
download	FreeBSD-src-c91c27e5e002f330c8ea26265679580b16e36b3b.zip FreeBSD-src-c91c27e5e002f330c8ea26265679580b16e36b3b.tar.gz