Author: yongari
Date: Thu Jan 5 21:18:34 2012
New Revision: 229650
URL: http://svn.freebsd.org/changeset/base/229650
Log:
MFC r228286:
Fix off by one error in mbuf access. Previously it caused panic.
While I'm here use NULL to compare mbuf pointer and add additional
check for zero length mbuf before accessing the mbuf.
PR: kern/162932
Modified:
stable/7/sys/dev/ed/if_ed.c
Directory Properties:
stable/7/sys/ (props changed)
stable/7/sys/cddl/contrib/opensolaris/ (props changed)
stable/7/sys/contrib/dev/acpica/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
Modified: stable/7/sys/dev/ed/if_ed.c
==============================================================================
--- stable/7/sys/dev/ed/if_ed.c Thu Jan 5 21:17:06 2012 (r229649)
+++ stable/7/sys/dev/ed/if_ed.c Thu Jan 5 21:18:34 2012 (r229650)
@@ -1689,12 +1689,19 @@ ed_shmem_write_mbufs(struct ed_softc *sc
break;
}
}
- for (len = 0; m != 0; m = m->m_next) {
- if (sc->isa16bit)
- bus_space_write_region_2(sc->mem_bst,
- sc->mem_bsh, dst,
- mtod(m, uint16_t *), (m->m_len + 1)/ 2);
- else
+ for (len = 0; m != NULL; m = m->m_next) {
+ if (m->m_len == 0)
+ continue;
+ if (sc->isa16bit) {
+ if (m->m_len > 1)
+ bus_space_write_region_2(sc->mem_bst,
+ sc->mem_bsh, dst,
+ mtod(m, uint16_t *), m->m_len / 2);
+ if ((m->m_len & 1) != 0)
+ bus_space_write_1(sc->mem_bst, sc->mem_bsh,
+ dst + m->m_len - 1,
+ *(mtod(m, uint8_t *) + m->m_len - 1));
+ } else
bus_space_write_region_1(sc->mem_bst,
sc->mem_bsh, dst,
mtod(m, uint8_t *), m->m_len);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
