Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern posix_fadvise(2): Detect arithmetic overflow withou...
details: https://anonhg.NetBSD.org/src/rev/97c04191fc59
branches: trunk
changeset: 363913:97c04191fc59
user: riastradh <riastradh%NetBSD.org@localhost>
date: Tue Mar 15 10:37:42 2022 +0000
description:
posix_fadvise(2): Detect arithmetic overflow without UB.
Reported-by: syzbot+18f01abff11bd527c464%syzkaller.appspotmail.com@localhost
diffstat:
sys/kern/sys_descrip.c | 13 +++++++------
1 files changed, 7 insertions(+), 6 deletions(-)
diffs (48 lines):
diff -r 5381114b5cb4 -r 97c04191fc59 sys/kern/sys_descrip.c
--- a/sys/kern/sys_descrip.c Tue Mar 15 00:05:17 2022 +0000
+++ b/sys/kern/sys_descrip.c Tue Mar 15 10:37:42 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_descrip.c,v 1.38 2021/09/11 10:09:13 riastradh Exp $ */
+/* $NetBSD: sys_descrip.c,v 1.39 2022/03/15 10:37:42 riastradh Exp $ */
/*-
* Copyright (c) 2008, 2020 The NetBSD Foundation, Inc.
@@ -67,7 +67,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_descrip.c,v 1.38 2021/09/11 10:09:13 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_descrip.c,v 1.39 2022/03/15 10:37:42 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -672,6 +672,7 @@
int
do_posix_fadvise(int fd, off_t offset, off_t len, int advice)
{
+ const off_t OFF_MAX = __type_max(off_t);
file_t *fp;
vnode_t *vp;
off_t endoffset;
@@ -685,8 +686,8 @@
return EINVAL;
}
if (len == 0) {
- endoffset = INT64_MAX;
- } else if (len > 0 && (INT64_MAX - offset) >= len) {
+ endoffset = OFF_MAX;
+ } else if (len > 0 && (OFF_MAX - offset) >= len) {
endoffset = offset + len;
} else {
return EINVAL;
@@ -743,8 +744,8 @@
* region. It means that if the specified region is smaller
* than PAGE_SIZE, we do nothing.
*/
- if (round_page(offset) < trunc_page(endoffset) &&
- offset <= round_page(offset)) {
+ if (offset <= trunc_page(OFF_MAX) &&
+ round_page(offset) < trunc_page(endoffset)) {
rw_enter(vp->v_uobj.vmobjlock, RW_WRITER);
error = VOP_PUTPAGES(vp,
round_page(offset), trunc_page(endoffset),
Home |
Main Index |
Thread Index |
Old Index