diff options
author | kib <kib@FreeBSD.org> | 2013-11-20 19:41:00 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2013-11-20 19:41:00 +0000 |
commit | e4deb800b079b97862b81dea42b242508a899080 (patch) | |
tree | ac28ed25b5c3f8177eea0318478f31d4c8e1a1e8 /sys/fs/pseudofs/pseudofs_vnops.c | |
parent | 54b247ccebdd24c78003d2d436c54bd68fa63a36 (diff) | |
download | FreeBSD-src-e4deb800b079b97862b81dea42b242508a899080.zip FreeBSD-src-e4deb800b079b97862b81dea42b242508a899080.tar.gz |
Redo r258088 to avoid relying on signed arithmetic overflow, since
compiler interprets this as an undefined behaviour. Instead, ensure
that the sum of uio_offset and uio_resid is below OFF_MAX using the
operation which cannot overflow.
Reported and tested by: pho
Discussed with: bde
Approved by: des (pseudofs maintainer)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Diffstat (limited to 'sys/fs/pseudofs/pseudofs_vnops.c')
-rw-r--r-- | sys/fs/pseudofs/pseudofs_vnops.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c index b6021b1..f00b4b2 100644 --- a/sys/fs/pseudofs/pseudofs_vnops.c +++ b/sys/fs/pseudofs/pseudofs_vnops.c @@ -616,8 +616,7 @@ pfs_read(struct vop_read_args *va) struct proc *proc; struct sbuf *sb = NULL; int error, locked; - off_t offset; - ssize_t buflen, resid; + off_t buflen; PFS_TRACE(("%s", pn->pn_name)); pfs_assert_not_owned(pn); @@ -654,16 +653,12 @@ pfs_read(struct vop_read_args *va) goto ret; } - resid = uio->uio_resid; - offset = uio->uio_offset; - buflen = offset + resid; - - /* beaucoup sanity checks so we don't ask for bogus allocation */ - if (resid < 0 || buflen < offset || buflen < resid || - buflen >= INT_MAX) { + if (uio->uio_resid < 0 || uio->uio_offset < 0 || + uio->uio_resid > OFF_MAX - uio->uio_offset) { error = EINVAL; goto ret; } + buflen = uio->uio_offset + uio->uio_resid; if (buflen > MAXPHYS) buflen = MAXPHYS; |