From 82072599177f6e7fde8fada3a4c0c8b8612020e7 Mon Sep 17 00:00:00 2001 From: tjr Date: Sun, 12 Jan 2003 09:40:23 +0000 Subject: Allowing nent < 0 in aio_suspend() and lio_listio() is just asking for trouble. Return EINVAL instead. --- sys/kern/vfs_aio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c index 9d24702..23e49d5 100644 --- a/sys/kern/vfs_aio.c +++ b/sys/kern/vfs_aio.c @@ -1612,7 +1612,7 @@ aio_suspend(struct thread *td, struct aio_suspend_args *uap) long *ijoblist; struct aiocb **ujoblist; - if (uap->nent > AIO_LISTIO_MAX) + if (uap->nent < 0 || uap->nent > AIO_LISTIO_MAX) return EINVAL; timo = 0; @@ -1946,7 +1946,7 @@ lio_listio(struct thread *td, struct lio_listio_args *uap) return EINVAL; nent = uap->nent; - if (nent > AIO_LISTIO_MAX) + if (nent < 0 || nent > AIO_LISTIO_MAX) return EINVAL; if (p->p_aioinfo == NULL) -- cgit v1.1