Author: ken
Date: Tue Jun  7 05:04:37 2011
New Revision: 222804
URL: http://svn.freebsd.org/changeset/base/222804

Log:
  Set pca.p_bufr to NULL when we haven't allocated a buffer.
  
  Otherwise, p_bufr is set to garbage on the stack, and if that garbage
  happens to be non-NULL, and the TOLOG or TOCONS flag is set, putbuf()
  will get called and attempt to fill the non-existent buffer.
  
  This is really only relevant for tprintf() (and only when the priority is
  not -1), but set it in uprintf() and ttyprintf() for completeness.
  
  The next step, to avoid log buffer scrambling, would be to add the
  PRINTF_BUFR_SIZE code to tprintf(), but this should prevent panics.
  
  Submitted by: rmacklem
  Found by:     pho

Modified:
  head/sys/kern/subr_prf.c

Modified: head/sys/kern/subr_prf.c
==============================================================================
--- head/sys/kern/subr_prf.c    Tue Jun  7 04:38:33 2011        (r222803)
+++ head/sys/kern/subr_prf.c    Tue Jun  7 05:04:37 2011        (r222804)
@@ -163,6 +163,7 @@ uprintf(const char *fmt, ...)
                goto out;
        }
        pca.flags = TOTTY;
+       pca.p_bufr = NULL;
        va_start(ap, fmt);
        tty_lock(pca.tty);
        retval = kvprintf(fmt, putchar, &pca, 10, ap);
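Review bot: the new `pca.p_bufr = NULL;` right after `pca.flags = TOTTY;` in uprintf() carries no comment, and per the log it is there only for completeness, since putbuf() is reached only when TOLOG or TOCONS is set. A one-line comment saying the field is cleared defensively because pca lives on the stack would keep a later cleanup from dropping it as dead code, and would remind anyone who later adds TOLOG or TOCONS to the flags here that no buffer has been allocated.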
@@ -206,6 +207,7 @@ tprintf(struct proc *p, int pri, const c
        pca.pri = pri;
        pca.tty = tp;
        pca.flags = flags;
+       pca.p_bufr = NULL;
        va_start(ap, fmt);
        if (pca.tty != NULL)
                tty_lock(pca.tty);
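Review bot: in tprintf(), where `pca.flags = flags;` can carry TOLOG or TOCONS per the log, safety still depends on every caller assigning each field of the on-stack pca by hand, and this patch adds the same line in three functions. Consider zeroing the whole structure once before the field assignments, for example `bzero(&pca, sizeof(pca));`, so that a field added to the structure later starts out zero instead of stack garbage. The log also names the PRINTF_BUFR_SIZE work as the next step for tprintf(); an XXX comment at this spot would record that log output can still be scrambled until that is done.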
@@ -234,6 +236,7 @@ ttyprintf(struct tty *tp, const char *fm
        va_start(ap, fmt);
        pca.tty = tp;
        pca.flags = TOTTY;
+       pca.p_bufr = NULL;
        retval = kvprintf(fmt, putchar, &pca, 10, ap);
        va_end(ap);
        return (retval);