Module Name: src
Committed By: riastradh
Date: Sat Oct 15 15:23:24 UTC 2022
Modified Files:
src/sys/kern: subr_kobj.c
Log Message:
kobj(9): Avoid arithmetic overflow in overflow detection.
To generate a diff of this commit:
cvs rdiff -u -r1.70 -r1.71 src/sys/kern/subr_kobj.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/subr_kobj.c
diff -u src/sys/kern/subr_kobj.c:1.70 src/sys/kern/subr_kobj.c:1.71
--- src/sys/kern/subr_kobj.c:1.70 Sat Oct 15 15:22:27 2022
+++ src/sys/kern/subr_kobj.c Sat Oct 15 15:23:24 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_kobj.c,v 1.70 2022/10/15 15:22:27 riastradh Exp $ */
+/* $NetBSD: subr_kobj.c,v 1.71 2022/10/15 15:23:24 riastradh Exp $ */
/*
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_kobj.c,v 1.70 2022/10/15 15:22:27 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_kobj.c,v 1.71 2022/10/15 15:23:24 riastradh Exp $");
#ifdef _KERNEL_OPT
#include "opt_modular.h"
@@ -1154,7 +1154,8 @@ kobj_read_mem(kobj_t ko, void **basep, s
(unsigned long long)off);
error = EINVAL;
base = NULL;
- } else if (ko->ko_memsize != -1 && off + size > ko->ko_memsize) {
+ } else if (ko->ko_memsize != -1 &&
+ (size > ko->ko_memsize || off > ko->ko_memsize - size)) {
kobj_error(ko, "preloaded object short");
error = EINVAL;
base = NULL;
