Source-Changes-HG archive


[src/trunk]: src/sys/fs/udf Improve misleading variable name. Related to PR 5...



details:   https://anonhg.NetBSD.org/src/rev/9e4042bcd3ae
branches:  trunk
changeset: 342373:9e4042bcd3ae
user:      dholland <dholland%NetBSD.org@localhost>
date:      Sat Dec 19 03:16:09 2015 +0000

description:
Improve misleading variable name. Related to PR 50571.

XXX: also there should be real bounds-check logic in here.
XXX: if the on-disk data structure contains rubbish this code will
XXX: leak or trample arbitrary kernel memory.

diffstat:

 sys/fs/udf/udf_subr.c |  17 +++++++++++------
 1 files changed, 11 insertions(+), 6 deletions(-)

diffs (57 lines):

diff -r 918f48872af3 -r 9e4042bcd3ae sys/fs/udf/udf_subr.c
--- a/sys/fs/udf/udf_subr.c     Sat Dec 19 01:51:42 2015 +0000
+++ b/sys/fs/udf/udf_subr.c     Sat Dec 19 03:16:09 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: udf_subr.c,v 1.134 2015/12/19 01:51:42 christos Exp $ */
+/* $NetBSD: udf_subr.c,v 1.135 2015/12/19 03:16:09 dholland Exp $ */
 
 /*
  * Copyright (c) 2006, 2008 Reinoud Zandijk
@@ -29,7 +29,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__KERNEL_RCSID(0, "$NetBSD: udf_subr.c,v 1.134 2015/12/19 01:51:42 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udf_subr.c,v 1.135 2015/12/19 03:16:09 dholland Exp $");
 #endif /* not lint */
 
 
@@ -6438,21 +6438,26 @@
        struct extfile_entry *efe = node->efe;
        uint64_t inflen;
        uint32_t sector_size;
-       uint8_t  *pos;
+       uint8_t  *srcpos;
        int icbflags, addr_type;
 
        /* get extent and do some paranoia checks */
        ump = node->ump;
        sector_size = ump->discinfo.sector_size;
 
+       /*
+        * XXX there should be real bounds-checking logic here,
+        * in case ->l_ea or ->inf_len contains nonsense.
+        */
+
        if (fe) {
                inflen   = udf_rw64(fe->inf_len);
-               pos      = &fe->data[0] + udf_rw32(fe->l_ea);
+               srcpos   = &fe->data[0] + udf_rw32(fe->l_ea);
                icbflags = udf_rw16(fe->icbtag.flags);
        } else {
                assert(node->efe);
                inflen   = udf_rw64(efe->inf_len);
-               pos      = &efe->data[0] + udf_rw32(efe->l_ea);
+               srcpos   = &efe->data[0] + udf_rw32(efe->l_ea);
                icbflags = udf_rw16(efe->icbtag.flags);
        }
        addr_type = icbflags & UDF_ICB_TAG_FLAGS_ALLOC_MASK;
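Review bot: The offset `udf_rw32(fe->l_ea)` is taken straight from the on-disk descriptor and added to `&fe->data[0]` with no upper bound, so `srcpos` can point outside the descriptor buffer; the new XXX comment records this but the hunk leaves it in place, and the `efe` branch has the same pattern. Before forming the pointer, the code should compare the extended-attribute length against the space that follows `data[]` in the buffer the descriptor was read into, and return an error when it does not fit. The size of that buffer is not visible in this hunk, so the exact bound has to come from wherever the descriptor is allocated. The enclosing function begins above the hunk and continues past it.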
@@ -6462,7 +6467,7 @@
        assert(inflen < sector_size);
 
        /* copy out info */
-       memcpy(blob, pos, inflen);
+       memcpy(blob, srcpos, inflen);
        memset(&blob[inflen], 0, sector_size - inflen);
 
        return 0;
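Review bot: `assert(inflen < sector_size)` is the only check on the copy length before `memcpy(blob, srcpos, inflen)`, and `inflen` is a 64-bit value read from disk. In a build where `assert` compiles to nothing, both the copy and the `memset` length `sector_size - inflen` run unchecked; where it is enabled, a malformed image presumably stops the kernel instead of failing the read. A runtime test such as `if (inflen >= sector_size) return EIO;` would fit the function's int return (the error value is a suggestion, since the callers are not visible here), and `inflen` should also be bounded by the bytes remaining in the descriptor after `srcpos`. The function starts outside this hunk.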


