Module Name: src
Committed By: maxv
Date: Tue Aug 6 08:10:27 UTC 2019
Modified Files:
src/sys/uvm: uvm_mmap.c
Log Message:
Change 'npgs' from int to size_t. Otherwise the 64bit->32bit conversion
could lead to npgs=0, which is not expected. It later triggers a panic
in uvm_vsunlock().
Found by TriforceAFL (Akul Pillai).
To generate a diff of this commit:
cvs rdiff -u -r1.172 -r1.173 src/sys/uvm/uvm_mmap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/uvm/uvm_mmap.c
diff -u src/sys/uvm/uvm_mmap.c:1.172 src/sys/uvm/uvm_mmap.c:1.173
--- src/sys/uvm/uvm_mmap.c:1.172 Sat Apr 6 03:06:29 2019
+++ src/sys/uvm/uvm_mmap.c Tue Aug 6 08:10:27 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_mmap.c,v 1.172 2019/04/06 03:06:29 thorpej Exp $ */
+/* $NetBSD: uvm_mmap.c,v 1.173 2019/08/06 08:10:27 maxv Exp $ */
/*
* Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -46,7 +46,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_mmap.c,v 1.172 2019/04/06 03:06:29 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_mmap.c,v 1.173 2019/08/06 08:10:27 maxv Exp $");
#include "opt_compat_netbsd.h"
#include "opt_pax.h"
@@ -132,7 +132,8 @@ sys_mincore(struct lwp *l, const struct
vaddr_t start, end, lim;
struct vm_map *map;
vsize_t len;
- int error = 0, npgs;
+ int error = 0;
+ size_t npgs;
map = &p->p_vmspace->vm_map;
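Review bot: The new `size_t npgs;` declaration has no comment saying why its width matters, so a later tidy-up could fold it back into the `int error = 0` line and reintroduce the truncation the log message describes. I would add `/* page count; must not be int: a 64-bit length would truncate, possibly to 0 */` directly above it. The assignment to npgs and the calls that consume it are outside this hunk, so it is worth confirming that nothing downstream narrows the count to an int again (the log names uvm_vsunlock() as where the panic surfaced). It is also worth confirming that a zero page count is rejected explicitly rather than relying on the type alone.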