kern/112671: [if_tap] stat /dev/tapN leads to panic for N >= 2G
Ariff Abdullah
ariff at FreeBSD.org
Wed May 16 21:20:10 UTC 2007
The following reply was made to PR kern/112671; it has been noted by GNATS.
From: Ariff Abdullah <ariff at FreeBSD.org>
To: bug-followup at FreeBSD.org, osd at cs.unibo.it
Cc:
Subject: Re: kern/112671: [if_tap] stat /dev/tapN leads to panic for N >= 2G
Date: Thu, 17 May 2007 05:10:46 +0800
This is a multi-part message in MIME format.
--Multipart=_Thu__17_May_2007_05_10_46_+0800_//OmptO1D13lMuyR
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Well, I'm not really sure if this is all about signess or simply
because dev_stdclone() itself fail to do correct checking on
unit > 0xffffff (it should be CLONE_UNITMASK which is 0xfffff, no?),
obviously an overflow against clone_create(). It could be argued that
the caller would later strip and truncate it, but there are few other
drivers (notably snp(4)) which innocently proceed without any
tinkering.
Anyway, try this patch. It should help other dev_stdclone() users too.
--
Ariff Abdullah
FreeBSD
... Recording in stereo is obviously too advanced
and confusing for us idiot ***** users :P ........
--Multipart=_Thu__17_May_2007_05_10_46_+0800_//OmptO1D13lMuyR
Content-Type: text/x-diff;
name="kern_conf.c.diff"
Content-Disposition: attachment;
filename="kern_conf.c.diff"
Content-Transfer-Encoding: 7bit
Index: src/sys/kern/kern_conf.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_conf.c,v
retrieving revision 1.201
diff -u -r1.201 kern_conf.c
--- src/sys/kern/kern_conf.c 2 Feb 2007 22:27:45 -0000 1.201
+++ src/sys/kern/kern_conf.c 16 May 2007 20:05:51 -0000
@@ -763,7 +763,7 @@
u *= 10;
u += name[i++] - '0';
}
- if (u > 0xffffff)
+ if (u > CLONE_UNITMASK)
return (0);
*unit = u;
if (namep)
--Multipart=_Thu__17_May_2007_05_10_46_+0800_//OmptO1D13lMuyR--
More information about the freebsd-bugs
mailing list