svn commit: r253045 - head/sys/fs/ext2fs
Pedro F. Giffuni
pfg at FreeBSD.org
Mon Jul 8 20:21:36 UTC 2013
Author: pfg
Date: Mon Jul 8 20:21:36 2013
New Revision: 253045
URL: http://svnweb.freebsd.org/changeset/base/253045
Log:
Avoid a panic and return EINVAL instead.
Merge from UFS r232692:
syscall() fuzzing can trigger this panic.
MFC after: 3 days
Modified:
head/sys/fs/ext2fs/ext2_vnops.c
Modified: head/sys/fs/ext2fs/ext2_vnops.c
==============================================================================
--- head/sys/fs/ext2fs/ext2_vnops.c Mon Jul 8 19:40:50 2013 (r253044)
+++ head/sys/fs/ext2fs/ext2_vnops.c Mon Jul 8 20:21:36 2013 (r253045)
@@ -1598,11 +1598,11 @@ ext2_read(struct vop_read_args *ap)
} else if (vp->v_type != VREG && vp->v_type != VDIR)
panic("%s: type %d", "ext2_read", vp->v_type);
#endif
+ if (uio->uio_resid < 0 || uio->uio_offset < 0)
+ return (EINVAL);
orig_resid = uio->uio_resid;
- KASSERT(orig_resid >= 0, ("ext2_read: uio->uio_resid < 0"));
if (orig_resid == 0)
return (0);
- KASSERT(uio->uio_offset >= 0, ("ext2_read: uio->uio_offset < 0"));
fs = ip->i_e2fs;
if (uio->uio_offset < ip->i_size &&
uio->uio_offset >= fs->e2fs_maxfilesize)
More information about the svn-src-all
mailing list