From 07e5594c026805908fc316a7eb9f2798559b1776 Mon Sep 17 00:00:00 2001 From: dchagin Date: Sat, 9 Jan 2016 18:32:52 +0000 Subject: MFC r289055 (by mjg@): linux: fix handling of out-of-bounds syscall attempts Due to an off by one the code would read an entry past the table, as opposed to the last entry which contains the nosys handler. This fixes my fault. MFC r289058 (by cem@): Fix missing semi-colon from r289055. MFC r289768 (by jhb@): Merge r289055 to amd64/linux32: linux: fix handling of out-of-bounds syscall attempts Due to an off by one the code would read an entry past the table, as opposed to the last entry which contains the nosys handler. --- sys/i386/linux/linux_sysvec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sys/i386/linux/linux_sysvec.c') diff --git a/sys/i386/linux/linux_sysvec.c b/sys/i386/linux/linux_sysvec.c index acf23ac..7c980ce 100644 --- a/sys/i386/linux/linux_sysvec.c +++ b/sys/i386/linux/linux_sysvec.c @@ -866,7 +866,7 @@ linux_fetch_syscall_args(struct thread *td, struct syscall_args *sa) if (sa->code >= p->p_sysent->sv_size) /* nosys */ - sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL]; + sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1]; else sa->callp = &p->p_sysent->sv_table[sa->code]; sa->narg = sa->callp->sy_narg; -- cgit v1.1
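Review bot: The new fallback index on the `+` line in linux_fetch_syscall_args(), `sv_table[p->p_sysent->sv_size - 1]`, relies on two invariants that the hunk neither documents nor checks: that `sv_size` is at least 1, and that the last slot of `sv_table` is the nosys handler. The bare `/* nosys */` comment could be expanded to say that the final table entry is reserved for nosys, and an assertion that `sv_size > 0` where the sysentvec is defined would keep the `- 1` from wrapping to an out-of-bounds index. Deriving the index from `sv_size` rather than from the `LINUX_SYS_MAXSYSCALL` constant does keep the check on `sa->code` and the fallback tied to the same bound, which is the right direction. The commit message also covers the amd64/linux32 merge (r289768), but this view is limited to sys/i386/linux/linux_sysvec.c, so the equivalent line there cannot be reviewed from what is shown.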