author | peter <peter@FreeBSD.org> | 1998-05-02 03:02:13 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1998-05-02 03:02:13 +0000 |
commit | fc934d7995602a6c5277449e015ed2b34bd98529 (patch) | |
tree | 923eda7762d4c572e65de4ebc41e367dff0509ec /sys/vm/vm_page.c | |
parent | baae1397256ee57a982ceee6c1411d850793a01f (diff) | |
Seatbelts for vm_page_bits() in case a file offset is passed in rather than
the page offset. If a large file offset was passed in, a large negative
array index could be generated which could cause page faults etc at worst
and file corruption at the least. (Pages are allocated within file
space on page alignment boundaries, so a file offset being passed in here
is harmless to DTRT. The case where this was happening has already been
fixed though, this is in case it happens again).
Reviewed by: dyson
Diffstat (limited to 'sys/vm/vm_page.c')
-rw-r--r-- | sys/vm/vm_page.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c
index 982ed69..7c3b6f3 100644
--- a/sys/vm/vm_page.c
+++ b/sys/vm/vm_page.c
@@ -34,7 +34,7 @@
 * SUCH DAMAGE.
 *
 * from: @(#)vm_page.c 7.4 (Berkeley) 5/7/91
- * $Id: vm_page.c,v 1.97 1998/03/16 01:55:55 dyson Exp $
+ * $Id: vm_page.c,v 1.98 1998/04/15 17:47:38 bde Exp $
 */
 /*
@@ -1429,11 +1429,12 @@ vm_page_bits(int base, int size)
 return VM_PAGE_BITS_ALL;
 size = (size + DEV_BSIZE - 1) & ~(DEV_BSIZE - 1);
+ base &= PAGE_MASK;
 if (size > PAGE_SIZE - base) {
 size = PAGE_SIZE - base;
 }
- base = (base % PAGE_SIZE) / DEV_BSIZE;
+ base = base / DEV_BSIZE;
 chunk = vm_page_dev_bsize_chunks[size / DEV_BSIZE];
 return (chunk << base) & VM_PAGE_BITS_ALL;
 }
|
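Review bot: A negative `size` still reaches `vm_page_dev_bsize_chunks[size / DEV_BSIZE]` as a negative index, because the new `base &= PAGE_MASK;` bounds only `base` and the clamp `if (size > PAGE_SIZE - base)` caps `size` from above but not from below. Both parameters are signed `int`, so the kind of caller mistake the commit message describes could produce it; a guard before the rounding line, e.g. `if (size < 0) panic("vm_page_bits: negative size");`, would close that side as well. A short comment on the mask line would also help the next reader, such as `/* tolerate a file offset: keep only the offset within the page */`. The function body starts above the hunk, so any earlier check on `size` is not visible here.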