From 5a1f4173f593acdd28aaddd12d95b36a0dba6977 Mon Sep 17 00:00:00 2001
From: phk <phk@FreeBSD.org>
Date: Sat, 22 Mar 2008 16:32:52 +0000
Subject: In abort2(2): Accept a NULL arg pointer if nargs == 0

---
 sys/kern/kern_exit.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'sys/kern/kern_exit.c')

diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
index d2e22e9..d0d487d 100644
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -570,11 +570,13 @@ abort2(struct thread *td, struct abort2_args *uap)
 	/* Prevent from DoSes from user-space. */
 	if (uap->nargs < 0 || uap->nargs > 16)
 		goto out;
-	if (uap->args == NULL)
-		goto out;
-	error = copyin(uap->args, uargs, uap->nargs * sizeof(void *));
-	if (error != 0)
-		goto out;
+	if (uap->nargs > 0) {
+		if (uap->args == NULL)
+			goto out;
+		error = copyin(uap->args, uargs, uap->nargs * sizeof(void *));
+		if (error != 0)
+			goto out;
+	}
 	/*
 	 * Limit size of 'reason' string to 128. Will fit even when
 	 * maximal number of arguments was chosen to be logged.
@@ -586,7 +588,7 @@ abort2(struct thread *td, struct abort2_args *uap)
 	} else {
 		sbuf_printf(sb, "(null)");
 	}
-	if (uap->nargs) {
+	if (uap->nargs > 0) {
 		sbuf_printf(sb, "(");
 		for (i = 0;i < uap->nargs; i++)
 			sbuf_printf(sb, "%s%p", i == 0 ? "" : ", ", uargs[i]);
-- 
cgit v1.1