svn commit: r232692 - head/sys/ufs/ffs

Peter Holm pho at FreeBSD.org
Thu Mar 8 12:49:09 UTC 2012


Author: pho
Date: Thu Mar  8 12:49:08 2012
New Revision: 232692
URL: http://svn.freebsd.org/changeset/base/232692

Log:
  syscall() fuzzing can trigger this panic. Return EINVAL instead.
  
  MFC after:	1 week

Modified:
  head/sys/ufs/ffs/ffs_vnops.c

Modified: head/sys/ufs/ffs/ffs_vnops.c
==============================================================================
--- head/sys/ufs/ffs/ffs_vnops.c	Thu Mar  8 11:05:53 2012	(r232691)
+++ head/sys/ufs/ffs/ffs_vnops.c	Thu Mar  8 12:49:08 2012	(r232692)
@@ -464,11 +464,11 @@ ffs_read(ap)
 	} else if (vp->v_type != VREG && vp->v_type != VDIR)
 		panic("ffs_read: type %d",  vp->v_type);
 #endif
+	if (uio->uio_resid < 0 || uio->uio_offset < 0)
+		return (EINVAL);
 	orig_resid = uio->uio_resid;
-	KASSERT(orig_resid >= 0, ("ffs_read: uio->uio_resid < 0"));
 	if (orig_resid == 0)
 		return (0);
-	KASSERT(uio->uio_offset >= 0, ("ffs_read: uio->uio_offset < 0"));
 	fs = ip->i_fs;
 	if (uio->uio_offset < ip->i_size &&
 	    uio->uio_offset >= fs->fs_maxfilesize)
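Review bot: The guard added after `#endif` moves the offset test ahead of the `if (orig_resid == 0) return (0);` early return, so a zero-length read with a negative offset now fails with EINVAL where the old ordering returned 0; the log does not say whether that is intended. Since the log states these values are reachable from a syscall, a short comment above the check would stop it being folded back into an assertion later, e.g. `/* uio_resid and uio_offset can be caller-controlled; reject, do not assert. */`. The fix is also local to ffs_read: any sibling routine that still uses the same `KASSERT(... >= 0)` pattern (none is visible in this hunk) would presumably still panic on assertion-enabled kernels and proceed with negative values elsewhere, so the write path and the syscall entry that builds the uio are worth checking. ffs_read's body starts and ends outside the hunk.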

