author | marcel <marcel@FreeBSD.org> | 2003-08-16 01:49:38 +0000 |
---|---|---|
committer | marcel <marcel@FreeBSD.org> | 2003-08-16 01:49:38 +0000 |
commit | 0cde071e2fbd00d8fd7bd3c9af274dc1d4f66a32 (patch) | |
tree | 198638df72e4097a76698e3016099132ba17e191 /sys/ia64 | |
parent | 52c5328900a6941ae49525fa64862f0842f3f2e9 (diff) | |
Fix a range check bug. Don't left-shift the integer argument 'data'.
Sign extension happens after the shift, not before so that boundary
cases like 0x40000000 will not be caught properly.
Instead, right shift ndirty. It is guaranteed to be a multiple of 8.
While here, do some manual code motion and code commoning.
Range check bug pointed out by: iedowse
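
The boundary case described in the commit message, modelled in user space as an added example (not part of the commit or of the FreeBSD source). It assumes `ndirty` is a 64-bit unsigned byte count, which the page does not show; `old_check`, `new_check` and `byte_offset` are hypothetical names and the `ndirty` value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: ndirty is an unsigned 64-bit byte count (type not shown on the page). */

/* Model of the removed check: data >= 0 && (data << 3) < ndirty.
 * The 32-bit shift is done in unsigned arithmetic and then sign-extended
 * by hand, so the wraparound is well defined in this demo. */
static int old_check(int data, uint64_t ndirty)
{
    uint32_t wrapped = (uint32_t)((uint32_t)data << 3); /* top 3 bits lost */
    int64_t extended = (wrapped & 0x80000000u)
        ? (int64_t)wrapped - 4294967296LL               /* sign-extend */
        : (int64_t)wrapped;
    return data >= 0 && (uint64_t)extended < ndirty;
}

/* Model of the fixed check: the index is compared unscaled. */
static int new_check(int data, uint64_t ndirty)
{
    return data >= 0 && (uint64_t)data < (ndirty >> 3);
}

/* Byte offset that `kstack + data` reaches with a uint64_t pointer. */
static uint64_t byte_offset(int data)
{
    return (uint64_t)data * sizeof(uint64_t);
}

int main(void)
{
    const uint64_t ndirty = 512;   /* constructed: 64 dirty 8-byte slots */
    const int samples[] = { 5, 63, 64, 0x10000000, 0x20000001, 0x40000000, -1 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int d = samples[i];
        printf("data=%#010x old=%d new=%d offset=%#llx\n", (unsigned)d,
               old_check(d, ndirty), new_check(d, ndirty),
               (unsigned long long)byte_offset(d));
    }
    return 0;
}
```

Indexes whose top three bits shift out (0x40000000, 0x20000001) pass the old check because the truncated product is small, while 0x10000000 is rejected only because its product happens to sign-extend to a huge unsigned value.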
Diffstat (limited to 'sys/ia64')
-rw-r--r-- | sys/ia64/ia64/ptrace_machdep.c | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/sys/ia64/ia64/ptrace_machdep.c b/sys/ia64/ia64/ptrace_machdep.c index 90c17c6..0f269e2 100644 --- a/sys/ia64/ia64/ptrace_machdep.c +++ b/sys/ia64/ia64/ptrace_machdep.c @@ -40,26 +40,21 @@ cpu_ptrace(struct thread *td, int req, void *addr, int data) uint64_t *kstack; int error; - error = 0; + error = EINVAL; + tf = td->td_frame; + switch (req) { case PT_GETKSTACK: - tf = td->td_frame; - if (data >= 0 && (data << 3) < tf->tf_special.ndirty) { + if (data >= 0 && data < (tf->tf_special.ndirty >> 3)) { kstack = (uint64_t*)td->td_kstack; error = copyout(kstack + data, addr, 8); - } else - error = EINVAL; + } break; case PT_SETKSTACK: - tf = td->td_frame; - if (data >= 0 && (data << 3) < tf->tf_special.ndirty) { + if (data >= 0 && data < (tf->tf_special.ndirty >> 3)) { kstack = (uint64_t*)td->td_kstack; error = copyin(addr, kstack + data, 8); - } else - error = EINVAL; - break; - default: - error = EINVAL; + } break; } |
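
Review bot: The corrected bounds check `data < (tf->tf_special.ndirty >> 3)` appears verbatim in both PT_GETKSTACK and PT_SETKSTACK with no comment explaining why the shift is applied to ndirty rather than to data, so a later cleanup could reintroduce `data << 3` in one of the two places. Since `tf = td->td_frame` is now hoisted above the switch, consider computing the slot count once there in a local, with a one-line comment that the user-supplied index must be compared unscaled, and using that local in both cases. With `default:` and the `else` branches removed, rejection of unknown requests and out-of-range indexes depends entirely on the initial `error = EINVAL`; a short comment at that assignment would make the reliance explicit. The literal 8 in the copyout/copyin calls and the shift by 3 both encode the size of a uint64_t slot, and tying them to `sizeof(uint64_t)` would keep the check and the copy length in step.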