[PATCH 1/5] vm/device_pager.c: dev_pager_alloc: 'size' must be non-zero
Conrad Meyer
cemeyer at uw.edu
Wed Mar 12 00:20:07 UTC 2014
If size is zero, paddr is used uninitialized when assigning
object1->pg_color.
Found with Clang static analysis.
Signed-off-by: Conrad Meyer <conrad.meyer at isilon.com>
---
sys/vm/device_pager.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/sys/vm/device_pager.c b/sys/vm/device_pager.c
index 13491ba..5125d20 100644
--- a/sys/vm/device_pager.c
+++ b/sys/vm/device_pager.c
@@ -135,6 +135,12 @@ cdev_pager_allocate(void *handle, enum obj_type tp, struct cdev_pager_ops *ops,
if (foff & PAGE_MASK)
return (NULL);
+ /*
+ * Size must be non-zero.
+ */
+ if (size == 0)
+ return (NULL);
+
size = round_page(size);
pindex = OFF_TO_IDX(foff + size);
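Review bot: The comment added above `if (size == 0)` only restates the condition and does not say why zero is rejected. The commit message gives the reason (paddr is used uninitialized when object1->pg_color is assigned), and that reasoning belongs next to the check, for example "A zero size would leave paddr unset before it is used for pg_color". The subject line names dev_pager_alloc while the hunk header places the check in cdev_pager_allocate(), so the subject should match the function actually changed. The new `return (NULL)` is also indistinguishable from the `foff & PAGE_MASK` rejection directly above it; if callers need to tell a zero size from a misaligned offset, that should be stated in the function's documentation.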
--
1.8.5.3