Author: pho
Date: Thu Mar  8 12:49:08 2012
New Revision: 232692
URL: http://svn.freebsd.org/changeset/base/232692

Log:
  syscall() fuzzing can trigger this panic. Return EINVAL instead.
  
  MFC after:    1 week

Modified:
  head/sys/ufs/ffs/ffs_vnops.c

Modified: head/sys/ufs/ffs/ffs_vnops.c
==============================================================================
--- head/sys/ufs/ffs/ffs_vnops.c        Thu Mar  8 11:05:53 2012        
(r232691)
+++ head/sys/ufs/ffs/ffs_vnops.c        Thu Mar  8 12:49:08 2012        
(r232692)
@@ -464,11 +464,11 @@ ffs_read(ap)
        } else if (vp->v_type != VREG && vp->v_type != VDIR)
                panic("ffs_read: type %d",  vp->v_type);
 #endif
+       if (uio->uio_resid < 0 || uio->uio_offset < 0)
+               return (EINVAL);
        orig_resid = uio->uio_resid;
-       KASSERT(orig_resid >= 0, ("ffs_read: uio->uio_resid < 0"));
        if (orig_resid == 0)
                return (0);
-       KASSERT(uio->uio_offset >= 0, ("ffs_read: uio->uio_offset < 0"));
        fs = ip->i_fs;
        if (uio->uio_offset < ip->i_size &&
            uio->uio_offset >= fs->fs_maxfilesize)
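Review bot: The new guard at the top of ffs_read has no comment saying why it is a runtime check instead of an assertion, so a later reader may well "restore" the KASSERTs; a one-line comment above it would close that gap, e.g. `/* Negative resid/offset are reachable from userland (syscall fuzzing), so reject them here rather than assert. */`. Returning EINVAL before any arithmetic on uio_offset is the right place, since the comparisons against ip->i_size and fs->fs_maxfilesize that follow would otherwise operate on a negative offset. Note the ordering change: a zero-length read with a negative offset previously returned 0 on kernels without the assertions and now returns EINVAL, which seems intended but is worth stating in the log. If the write path carries the same pair of KASSERTs, it presumably needs the same treatment; that cannot be confirmed from this hunk. ffs_read begins before and continues past the hunk.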