Module Name:    src
Committed By:   riastradh
Date:           Sat Mar 12 15:54:24 UTC 2022

Modified Files:
        src/sys/compat/common: vfs_syscalls_30.c

Log Message:
compat_30: Avoid what might be technically undefined behaviour.

Not sure advancing a user pointer by one for the purpose of making an
equality test fail later on is actually likely to be a problem, but
let's just pacify the sanitizer.

Reported-by: syzbot+758b18164c5c444f4...@syzkaller.appspotmail.com


To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/sys/compat/common/vfs_syscalls_30.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/compat/common/vfs_syscalls_30.c
diff -u src/sys/compat/common/vfs_syscalls_30.c:1.43 src/sys/compat/common/vfs_syscalls_30.c:1.44
--- src/sys/compat/common/vfs_syscalls_30.c:1.43	Tue Sep  7 11:43:02 2021
+++ src/sys/compat/common/vfs_syscalls_30.c	Sat Mar 12 15:54:23 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_syscalls_30.c,v 1.43 2021/09/07 11:43:02 riastradh Exp $	*/
+/*	$NetBSD: vfs_syscalls_30.c,v 1.44 2022/03/12 15:54:23 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 2005, 2008 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_30.c,v 1.43 2021/09/07 11:43:02 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_30.c,v 1.44 2022/03/12 15:54:23 riastradh Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -219,6 +219,7 @@ compat_30_sys_getdents(struct lwp *l,
 	int buflen, error, eofflag;
 	off_t *cookiebuf = NULL, *cookie;
 	int ncookies;
+	bool any = false;
 
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
@@ -285,7 +286,7 @@ again:
 		idb.d_reclen = _DIRENT_SIZE(&idb);
 		if (reclen > len || resid < idb.d_reclen) {
 			/* entry too big for buffer, so just stop */
-			outp++;
+			any = true;
 			break;
 		}
 		/*
@@ -305,10 +306,11 @@ again:
 		/* advance output past NetBSD-3.0-shaped entry */
 		outp += idb.d_reclen;
 		resid -= idb.d_reclen;
+		any = true;
 	}
 
 	/* if we squished out the whole block, try again */
-	if (outp == SCARG(uap, buf)) {
+	if (any) {
 		if (cookiebuf)
 			free(cookiebuf, M_TEMP);
 		cookiebuf = NULL;
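Review bot: The new test `if (any)` looks inverted relative to the `outp == SCARG(uap, buf)` comparison it replaces. `any` is set to true both when an entry is copied out and when the loop stops on an oversized entry (the `@@ -285,7 +286,7 @@` hunk), which are exactly the cases where the old comparison was false. As written, the retry path runs after entries have already been written to the user buffer and is skipped when the whole block was squished out, contradicting the comment directly above it; the line should read `if (!any) {`. The remainder of the retry block is outside the hunk, so the effect on the returned length and on what ends up in the user buffer is inferred rather than visible here.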
