Module Name: src
Committed By: riastradh
Date: Mon Aug 8 22:31:45 UTC 2022
Modified Files:
src/sys/kern: kern_ras.c
Log Message:
rasctl(2): Avoid arithmetic overflow.
Reported-by: [email protected]
https://syzkaller.appspot.com/bug?id=8fb9b5dee9b056e4f8ad3b937dc5be1296608c5f
To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 src/sys/kern/kern_ras.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_ras.c
diff -u src/sys/kern/kern_ras.c:1.41 src/sys/kern/kern_ras.c:1.42
--- src/sys/kern/kern_ras.c:1.41 Wed Aug 3 09:40:25 2022
+++ src/sys/kern/kern_ras.c Mon Aug 8 22:31:45 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_ras.c,v 1.41 2022/08/03 09:40:25 riastradh Exp $ */
+/* $NetBSD: kern_ras.c,v 1.42 2022/08/08 22:31:45 riastradh Exp $ */
/*-
* Copyright (c) 2002, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ras.c,v 1.41 2022/08/03 09:40:25 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ras.c,v 1.42 2022/08/08 22:31:45 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -218,16 +218,15 @@ static int
ras_purge(void *addr, size_t len)
{
struct ras *rp, **link;
- void *endaddr;
proc_t *p;
- endaddr = (char *)addr + len;
p = curproc;
mutex_enter(&p->p_auxlock);
link = &p->p_raslist;
for (rp = *link; rp != NULL; link = &rp->ras_next, rp = *link) {
- if (addr == rp->ras_startaddr && endaddr == rp->ras_endaddr)
+ if (addr == rp->ras_startaddr &&
+ (char *)rp->ras_endaddr - (char *)rp->ras_startaddr == len)
break;
}
if (rp != NULL) {
