git: 1a80a157cbe8 - main - ptrace: Do not pass a negative resid to proc_rwmem()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 31 Mar 2025 09:06:33 UTC
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=1a80a157cbe823ba75bb88823dbf1b245fe87c99
commit 1a80a157cbe823ba75bb88823dbf1b245fe87c99
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-29 08:54:48 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-03-31 09:01:09 +0000
ptrace: Do not pass a negative resid to proc_rwmem()
While here, avoid truncting uio_resid in proc_rwmem().
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D49479
---
sys/kern/sys_process.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index c7dd505d97ca..5126f34e3dc3 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -387,7 +387,7 @@ proc_rwmem(struct proc *p, struct uio *uio)
/*
* How many bytes to copy
*/
- len = min(PAGE_SIZE - page_offset, uio->uio_resid);
+ len = MIN(PAGE_SIZE - page_offset, uio->uio_resid);
/*
* Fault and hold the page on behalf of the process.
@@ -1382,6 +1382,10 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
case PT_IO:
piod = addr;
+ if (piod->piod_len > SSIZE_MAX) {
+ error = EINVAL;
+ goto out;
+ }
iov.iov_base = piod->piod_addr;
iov.iov_len = piod->piod_len;
uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs;