On Mon, 2012-11-26 at 14:24 +0000, Markos Chandras wrote: > +int __libc_statfs(const char *path, struct statfs *buf) > +{ > + struct statfs64 b; > + int err; > + > + /* > + * See if pointer has a sane value. > + * This does not prevent the user from > + * passing an arbitrary possitive value > + * that can lead to a segfault or potential > + * security problems > + */ > + > + if (buf == NULL || (int)buf < 0) { > + __set_errno(EFAULT); > + return -1; > + }
This seems wrong. Doesn't the kernel already validate addresses passed in from userspace. Even in the no-MMU case, some architectures add basic checking for user addresses. In any case, the "(int)buf < 0" is clearly non-portable. C6X can have perfectly good addresses which make negative ints. --Mark _______________________________________________ uClibc mailing list uClibc@uclibc.org http://lists.busybox.net/mailman/listinfo/uclibc