Below is the uiomove() conversion for kern/sys_pipe.c. This diff eliminates
a potential overflow of the nread variable.
I think it would benefit readability to sprinkle some ulmin()/MIN() into
that code and wrap lines to <80 chars, but that's probably a matter for
another diff. Including those changes adds too much noise to this diff.
Index: kern/sys_pipe.c
===================================================================
RCS file: /cvs/src/sys/kern/sys_pipe.c,v
retrieving revision 1.71
diff -u -p -u -r1.71 sys_pipe.c
--- kern/sys_pipe.c 6 Jan 2016 17:59:30 -0000 1.71
+++ kern/sys_pipe.c 9 Jan 2016 14:07:38 -0000
@@ -297,8 +297,7 @@ pipe_read(struct file *fp, off_t *poff,
{
struct pipe *rpipe = fp->f_data;
int error;
- int nread = 0;
- int size;
+ size_t size, nread = 0;
error = pipelock(rpipe);
if (error)
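Review bot: The combined declaration `size_t size, nread = 0;` in pipe_read initializes only `nread` and leaves `size` indeterminate, which is easy to misread on one line; splitting it into `size_t size;` and `size_t nread = 0;` keeps that explicit. Because `nread` is now unsigned, any later test or assignment that assumed it could be negative or fit an `int` would change meaning silently. Those uses are outside this hunk, as is the rest of pipe_read's body, so they should be checked against the new type.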
@@ -316,7 +315,7 @@ pipe_read(struct file *fp, off_t *poff,
size = rpipe->pipe_buffer.cnt;
if (size > uio->uio_resid)
size = uio->uio_resid;
- error =
uiomovei(&rpipe->pipe_buffer.buffer[rpipe->pipe_buffer.out],
+ error =
uiomove(&rpipe->pipe_buffer.buffer[rpipe->pipe_buffer.out],
size, uio);
if (error) {
break;
@@ -460,7 +459,7 @@ pipe_write(struct file *fp, off_t *poff,
orig_resid = uio->uio_resid;
while (uio->uio_resid) {
- int space;
+ size_t space;
retrywrite:
if (wpipe->pipe_state & PIPE_EOF) {
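Review bot: Declaring `space` as `size_t` changes what the `if (space > 0)` guard in the following hunk (-476) can reject. With `int space`, a subtraction that went below zero would typically end up negative and skip the transfer; with `size_t` it becomes a very large length that passes the guard and feeds `size`/`segsize` on their way to uiomove(). The assignment to `space` is outside the visible hunks, so this presumably relies on the buffered byte count never exceeding the buffer size. I would state that where `space` is computed, e.g. `/* space is unsigned: relies on pipe_buffer.cnt never exceeding the buffer size */`, or check it with a `KASSERT()` just before the subtraction.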
@@ -476,8 +475,8 @@ retrywrite:
if (space > 0) {
if ((error = pipelock(wpipe)) == 0) {
- int size; /* Transfer size */
- int segsize; /* first segment to transfer */
+ size_t size; /* Transfer size */
+ size_t segsize; /* first segment to transfer */
/*
* If a process blocked in uiomove, our
@@ -514,7 +513,7 @@ retrywrite:
/* Transfer first segment */
- error =
uiomovei(&wpipe->pipe_buffer.buffer[wpipe->pipe_buffer.in],
+ error =
uiomove(&wpipe->pipe_buffer.buffer[wpipe->pipe_buffer.in],
segsize, uio);
if (error == 0 && segsize < size) {
@@ -529,7 +528,7 @@ retrywrite:
panic("Expected pipe buffer
wraparound disappeared");
#endif
- error =
uiomovei(&wpipe->pipe_buffer.buffer[0],
+ error =
uiomove(&wpipe->pipe_buffer.buffer[0],
size - segsize, uio);
}
if (error == 0) {
cheers,
natano