Page MenuHomeFreeBSD
Files F140946825

D26569.id77666.diff
No OneTemporary
Actions

D26569.id77666.diff
View Options

Index: head/sys/kern/vfs_vnops.c
===================================================================
--- head/sys/kern/vfs_vnops.c
+++ head/sys/kern/vfs_vnops.c
@@ -2790,25 +2790,31 @@
{
int error;
size_t len;
- uint64_t uvalin, uvalout;
+ uint64_t uval;
len = *lenp;
*lenp = 0; /* For error returns. */
error = 0;
/* Do some sanity checks on the arguments. */
- uvalin = *inoffp;
- uvalin += len;
- uvalout = *outoffp;
- uvalout += len;
if (invp->v_type == VDIR || outvp->v_type == VDIR)
error = EISDIR;
- else if (*inoffp < 0 || uvalin > INT64_MAX || uvalin <
- (uint64_t)*inoffp || *outoffp < 0 || uvalout > INT64_MAX ||
- uvalout < (uint64_t)*outoffp || invp->v_type != VREG ||
- outvp->v_type != VREG)
+ else if (*inoffp < 0 || *outoffp < 0 ||
+ invp->v_type != VREG || outvp->v_type != VREG)
error = EINVAL;
if (error != 0)
+ goto out;
+
+ /* Ensure offset + len does not wrap around. */
+ uval = *inoffp;
+ uval += len;
+ if (uval > INT64_MAX)
+ len = INT64_MAX - *inoffp;
+ uval = *outoffp;
+ uval += len;
+ if (uval > INT64_MAX)
+ len = INT64_MAX - *outoffp;
+ if (len == 0)
goto out;
/*

File Metadata

Mime Type
text/plain
Expires
Tue, Dec 30, 11:37 PM (2 h, 21 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
27396365
Default Alt Text
D26569.id77666.diff (1 KB)

Event Timeline