Date:      Mon, 8 Jul 2013 20:21:36 +0000 (UTC)
From:      "Pedro F. Giffuni" <pfg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r253045 - head/sys/fs/ext2fs
Message-ID:  <201307082021.r68KLanT005030@svn.freebsd.org>

Author: pfg
Date: Mon Jul  8 20:21:36 2013
New Revision: 253045
URL: http://svnweb.freebsd.org/changeset/base/253045

Log:
  Avoid a panic and return EINVAL instead.
  
  Merge from UFS r232692:
  syscall() fuzzing can trigger this panic.
  
  MFC after:	3 days

Modified:
  head/sys/fs/ext2fs/ext2_vnops.c

Modified: head/sys/fs/ext2fs/ext2_vnops.c
==============================================================================
--- head/sys/fs/ext2fs/ext2_vnops.c	Mon Jul  8 19:40:50 2013	(r253044)
+++ head/sys/fs/ext2fs/ext2_vnops.c	Mon Jul  8 20:21:36 2013	(r253045)
@@ -1598,11 +1598,11 @@ ext2_read(struct vop_read_args *ap)
 	} else if (vp->v_type != VREG && vp->v_type != VDIR)
 		panic("%s: type %d", "ext2_read", vp->v_type);
 #endif
+	if (uio->uio_resid < 0 || uio->uio_offset < 0)
+		return (EINVAL);
 	orig_resid = uio->uio_resid;
-	KASSERT(orig_resid >= 0, ("ext2_read: uio->uio_resid < 0"));
 	if (orig_resid == 0)
 		return (0);
-	KASSERT(uio->uio_offset >= 0, ("ext2_read: uio->uio_offset < 0"));
 	fs = ip->i_e2fs;
 	if (uio->uio_offset < ip->i_size &&
 	    uio->uio_offset >= fs->e2fs_maxfilesize)
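Review bot: The added test `uio->uio_offset < 0` runs before the `if (orig_resid == 0) return (0);` early exit, while the removed KASSERT on uio_offset sat after it, so a zero-length read with a negative offset now fails with EINVAL where the old ordering returned 0 without ever looking at the offset. If that matches the UFS change being merged, a short comment above the new check saying that both values can arrive unvalidated from the syscall path (per the log's fuzzing remark) and that the zero-length case is rejected on purpose would make the intent clear; if it is not intended, keep the resid test where it is and move the offset test below the `orig_resid == 0` return.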
