Subject: kern/35278: veriexec sometimes feeds user va to log(9)
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 12/19/2006 06:05:00
>Number: 35278
>Category: kern
>Synopsis: veriexec sometimes feeds user va to log(9)
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Dec 19 06:05:00 +0000 2006
>Originator: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release: NetBSD 4.99.6
>Organization:
>Environment:
System: NetBSD bear.yamanet 4.99.6 NetBSD 4.99.6 (build.bear3) #3: Sat Dec 16 01:25:17 JST 2006 takashi@kaeru:/usr/home/takashi/work/kernel/build.bear3 i386
Architecture: i386
Machine: i386
>Description:
veriexec sometimes feeds user va to log(9).
>How-To-Repeat:
run it on m68k? or run it on i386 with the following patch.
Index: subr_prf.c
===================================================================
--- subr_prf.c (revision 1785)
+++ subr_prf.c (working copy)
@@ -1238,6 +1238,9 @@ reswitch: switch (ch) {
if ((cp = va_arg(ap, char *)) == NULL)
/*XXXUNCONST*/
cp = __UNCONST("(null)");
+#if defined(__i386__)
+ KASSERT(VM_MIN_KERNEL_ADDRESS <= (vaddr_t)cp);
+#endif
if (prec >= 0) {
/*
* can't use strlen; can only look for the
>Fix:
>Unformatted: