[PATCH] device/chario.c (char_write): avoid segmentation fault

Sat, 14 Dec 2013 09:00:09 -0800 

This is a better version of this patch:

http://lists.gnu.org/archive/html/bug-hurd/2013-12/msg00400.html

It uses strlen(), instead of reimplementing it.

* device/chario.c: Include string.h.
(char_write): New if statement.

---
 device/chario.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/device/chario.c b/device/chario.c
index 91bd8e8..962e151 100644
--- a/device/chario.c
+++ b/device/chario.c
@@ -31,6 +31,8 @@
  *     Compatibility with old TTY device drivers.
  */
 
+#include <string.h>
+
 #include <mach/kern_return.h>
 #include <mach/mig_errors.h>
 #include <mach/vm_param.h>
@@ -268,6 +270,9 @@ io_return_t char_write(
            vm_map_copy_t copy = (vm_map_copy_t) data;
            kern_return_t kr;
 
+           if (strlen(data) != sizeof(struct vm_map_copy))
+               return KERN_INVALID_ARGUMENT;
+
            kr = vm_map_copyout(device_io_map, &addr, copy);
            if (kr != KERN_SUCCESS)
                return kr;
-- 
1.8.1.4

Reply via email to