diff options
| author | mjacob <mjacob@FreeBSD.org> | 2001-01-01 16:49:31 +0000 |
|---|---|---|
| committer | mjacob <mjacob@FreeBSD.org> | 2001-01-01 16:49:31 +0000 |
| commit | ebe888cdb74415e564b824cf464e654d108e64ae (patch) | |
| tree | aefd74f630c67146c5e5c0e63ffae15e9fa1a3f2 /sys | |
| parent | d8b31c79438e13fa5116adb4ed426f5769fbdd90 (diff) | |
| download | FreeBSD-src-ebe888cdb74415e564b824cf464e654d108e64ae.zip FreeBSD-src-ebe888cdb74415e564b824cf464e654d108e64ae.tar.gz | |
Sanity check ptr for legal values so it is less likely
(but not impossible) to get stuck in an infinite loop.
Obtained from: msmith@freebsd.org
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/dev/pci/pci.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/dev/pci/pci.c b/sys/dev/pci/pci.c index deb9428..523c21d 100644 --- a/sys/dev/pci/pci.c +++ b/sys/dev/pci/pci.c @@ -379,6 +379,12 @@ pci_read_extcap(device_t pcib, pcicfgregs *cfg) * Read capability entries. */ while (nextptr != 0) { + /* Sanity check */ + if (nextptr > 255) { + printf("illegal PCI extended capability offset %d\n", + nextptr); + return; + } /* Find the next entry */ ptr = nextptr; nextptr = REG(ptr + 1, 1); |
