i386/nvram.c uiomove() conversion

Mon, 04 Jan 2016 00:15:31 -0800 

Below a diff to convert i386/nvram.c to use uiomove(). A similar diff
for amd64 has already been committed. (See
https://marc.info/?l=openbsd-tech&m=142860367111291) Also, pos is
converted to off_t for both amd64 and i386 to prevent truncation and
signedness mismatch. Calling nvramread() with a uio_offset < 0 produced
unexpected results before. The patch adds a check to disallow such a
call.

cheers,
natano

Index: arch//amd64/amd64/nvram.c
===================================================================
RCS file: /cvs/src/sys/arch/amd64/amd64/nvram.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 nvram.c
--- arch//amd64/amd64/nvram.c   11 May 2015 01:56:26 -0000      1.4
+++ arch//amd64/amd64/nvram.c   1 Jan 2016 12:29:43 -0000
@@ -92,7 +92,7 @@ int
 nvramread(dev_t dev, struct uio *uio, int flags)
 {
        u_char buf[NVRAM_SIZE];
-       u_int pos = uio->uio_offset;
+       off_t pos = uio->uio_offset;
        u_char *tmp;
        size_t count = ulmin(sizeof(buf), uio->uio_resid);
        int ret;
@@ -100,11 +100,14 @@ nvramread(dev_t dev, struct uio *uio, in
        if (!nvram_initialized)
                return (ENXIO);
 
+       if (uio->uio_offset < 0)
+               return (EINVAL);
+
        if (uio->uio_resid == 0)
                return (0);
 
 #ifdef NVRAM_DEBUG
-       printf("attempting to read %zu bytes at offset %d\n", count, pos);
+       printf("attempting to read %zu bytes at offset %lld\n", count, pos);
 #endif
 
        for (tmp = buf; count-- > 0 && pos < NVRAM_SIZE; ++pos, ++tmp)
Index: arch//i386/i386/nvram.c
===================================================================
RCS file: /cvs/src/sys/arch/i386/i386/nvram.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 nvram.c
--- arch//i386/i386/nvram.c     10 Feb 2015 21:56:09 -0000      1.4
+++ arch//i386/i386/nvram.c     1 Jan 2016 12:29:49 -0000
@@ -93,29 +93,32 @@ int
 nvramread(dev_t dev, struct uio *uio, int flags)
 {
        u_char buf[NVRAM_SIZE];
-       u_int pos = uio->uio_offset;
+       off_t pos = uio->uio_offset;
        u_char *tmp;
-       int count = min(sizeof(buf), uio->uio_resid);
+       size_t count = ulmin(sizeof(buf), uio->uio_resid);
        int ret;
 
        if (!nvram_initialized)
                return (ENXIO);
 
+       if (uio->uio_offset < 0)
+               return (EINVAL);
+
        if (uio->uio_resid == 0)
                return (0);
 
 #ifdef NVRAM_DEBUG
-       printf("attempting to read %d bytes at offset %d\n", count, pos);
+       printf("attempting to read %zu bytes at offset %lld\n", count, pos);
 #endif
 
        for (tmp = buf; count-- > 0 && pos < NVRAM_SIZE; ++pos, ++tmp)
                *tmp = nvram_get_byte(pos);
 
 #ifdef NVRAM_DEBUG
-       printf("nvramread read %d bytes (%s)\n", (tmp - buf), tmp);
+       printf("nvramread read %td bytes (%s)\n", (tmp - buf), tmp);
 #endif
 
-       ret = uiomovei((caddr_t)buf, (tmp - buf), uio);
+       ret = uiomove(buf, (tmp - buf), uio);
 
        uio->uio_offset += uio->uio_resid;

Reply via email to