Below another min() -> ulmin() conversion to prevent integer overflow.
The size (tmp - buf) passed to uiomovei() is essentially bound by the
'count' variable, thus convert to uiomove().
Index: arch/amd64/amd64/nvram.c
===================================================================
RCS file: /cvs/src/sys/arch/amd64/amd64/nvram.c,v
retrieving revision 1.3
diff -u -p -r1.3 nvram.c
--- arch/amd64/amd64/nvram.c 14 Mar 2015 03:38:46 -0000 1.3
+++ arch/amd64/amd64/nvram.c 9 Apr 2015 17:50:54 -0000
@@ -94,7 +94,7 @@ nvramread(dev_t dev, struct uio *uio, in
u_char buf[NVRAM_SIZE];
u_int pos = uio->uio_offset;
u_char *tmp;
- int count = min(sizeof(buf), uio->uio_resid);
+ size_t count = ulmin(sizeof(buf), uio->uio_resid);
int ret;
if (!nvram_initialized)
@@ -104,7 +104,7 @@ nvramread(dev_t dev, struct uio *uio, in
return (0);
#ifdef NVRAM_DEBUG
- printf("attempting to read %d bytes at offset %d\n", count, pos);
+ printf("attempting to read %zu bytes at offset %d\n", count, pos);
#endif
for (tmp = buf; count-- > 0 && pos < NVRAM_SIZE; ++pos, ++tmp)
@@ -114,7 +114,7 @@ nvramread(dev_t dev, struct uio *uio, in
printf("nvramread read %d bytes (%s)\n", (tmp - buf), tmp);
#endif
- ret = uiomovei((caddr_t)buf, (tmp - buf), uio);
+ ret = uiomove((caddr_t)buf, (tmp - buf), uio);
uio->uio_offset += uio->uio_resid;
cheers,
natano
