CVS commit: [netbsd-8] src/sys/dev

Tue, 01 Aug 2023 06:06:06 -0700 

Module Name:    src
Committed By:   martin
Date:           Tue Aug  1 13:05:57 UTC 2023

Modified Files:
        src/sys/dev [netbsd-8]: spkr.c

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1868):

        sys/dev/spkr.c: revision 1.25 (patch)

spkr(4): Avoid some overflow issues.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.7.2.1 src/sys/dev/spkr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/dev/spkr.c
diff -u src/sys/dev/spkr.c:1.7 src/sys/dev/spkr.c:1.7.2.1
--- src/sys/dev/spkr.c:1.7	Thu Jun  1 09:44:30 2017
+++ src/sys/dev/spkr.c	Tue Aug  1 13:05:57 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: spkr.c,v 1.7 2017/06/01 09:44:30 pgoyette Exp $	*/
+/*	$NetBSD: spkr.c,v 1.7.2.1 2023/08/01 13:05:57 martin Exp $	*/
 
 /*
  * Copyright (c) 1990 Eric S. Raymond ([email protected])
@@ -43,7 +43,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: spkr.c,v 1.7 2017/06/01 09:44:30 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: spkr.c,v 1.7.2.1 2023/08/01 13:05:57 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -164,6 +164,7 @@ playtone(struct spkr_softc *sc, int pitc
 		    * snum / (val * sdenom));
 		return;
 	}
+	KASSERTMSG(pitch < __arraycount(pitchtab), "pitch=%d", pitch);
 
 	int fac = sc->sc_whole * (FILLTIME - sc->sc_fill);
 	int fval = FILLTIME * val;
@@ -189,6 +190,10 @@ playstring(struct spkr_softc *sc, const 
 
 #define GETNUM(cp, v)	\
 	for (v = 0; slen > 0 && isdigit((unsigned char)cp[1]); ) { \
+		if (v > INT_MAX/10 - (cp[1] - '0')) { \
+			v = INT_MAX; \
+			continue; \
+		} \
 		v = v * 10 + (*++cp - '0'); \
 		slen--; \
 	}
@@ -272,6 +277,8 @@ playstring(struct spkr_softc *sc, const 
 				slen--;
 			} else {
 				GETNUM(cp, sc->sc_octave);
+				KASSERTMSG(sc->sc_octave >= 0, "%d",
+				    sc->sc_octave);
 				if (sc->sc_octave >= NOCTAVES)
 					sc->sc_octave = DFLT_OCTAVE;
 				sc->sc_octprefix = true;
@@ -292,6 +299,9 @@ playstring(struct spkr_softc *sc, const 
 
 		case 'N':
 			GETNUM(cp, pitch);
+			KASSERTMSG(pitch >= 0, "pitch=%d", pitch);
+			if (pitch >= __arraycount(pitchtab))
+				break;
 			for (sustain = 0; slen > 0 && cp[1] == '.'; cp++) {
 				slen--;
 				sustain++;

Reply via email to