svn commit: r301524 - vendor-sys/illumos/dist/uts/common/dtrace

Mark Johnston markj at FreeBSD.org
Mon Jun 6 22:06:47 UTC 2016 

Author: markj
Date: Mon Jun  6 22:06:45 2016
New Revision: 301524
URL: https://svnweb.freebsd.org/changeset/base/301524

Log:
  7034 negative record sizes should be rejected
  
  Reviewed by: Patrick Mooney <patrick.mooney at joyent.com>
  Reviewed by: Bryan Cantrill <bryan at joyent.com>
  Approved by: Matthew Ahrens <mahrens at delphix.com>
  Author: Alex Wilson <alex.wilson at joyent.com>
  
  illumos/illumos-gate at 0b8049bfb0e291160e960697b554596289d7f0bc

Modified:
  vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c

Modified: vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c
==============================================================================
--- vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c	Mon Jun  6 21:04:29 2016	(r301523)
+++ vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c	Mon Jun  6 22:06:45 2016	(r301524)
@@ -10427,7 +10427,7 @@ dtrace_ecb_enable(dtrace_ecb_t *ecb)
 	}
 }
 
-static void
+static int
 dtrace_ecb_resize(dtrace_ecb_t *ecb)
 {
 	dtrace_action_t *act;
@@ -10461,6 +10461,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 
 			curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
 			rec->dtrd_offset = curneeded;
+			if (curneeded + rec->dtrd_size < curneeded)
+				return (EINVAL);
 			curneeded += rec->dtrd_size;
 			ecb->dte_needed = MAX(ecb->dte_needed, curneeded);
 
@@ -10485,6 +10487,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 			}
 			curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
 			rec->dtrd_offset = curneeded;
+			if (curneeded + rec->dtrd_size < curneeded)
+				return (EINVAL);
 			curneeded += rec->dtrd_size;
 		} else {
 			/* tuples must be followed by an aggregation */
@@ -10494,6 +10498,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 			ecb->dte_size = P2ROUNDUP(ecb->dte_size,
 			    rec->dtrd_alignment);
 			rec->dtrd_offset = ecb->dte_size;
+			if (ecb->dte_size + rec->dtrd_size < ecb->dte_size)
+				return (EINVAL);
 			ecb->dte_size += rec->dtrd_size;
 			ecb->dte_needed = MAX(ecb->dte_needed, ecb->dte_size);
 		}
@@ -10513,6 +10519,7 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 	ecb->dte_needed = P2ROUNDUP(ecb->dte_needed, (sizeof (dtrace_epid_t)));
 	ecb->dte_state->dts_needed = MAX(ecb->dte_state->dts_needed,
 	    ecb->dte_needed);
+	return (0);
 }
 
 static dtrace_action_t *
@@ -11180,7 +11187,10 @@ dtrace_ecb_create(dtrace_state_t *state,
 		}
 	}
 
-	dtrace_ecb_resize(ecb);
+	if ((enab->dten_error = dtrace_ecb_resize(ecb)) != 0) {
+		dtrace_ecb_destroy(ecb);
+		return (NULL);
+	}
 
 	return (dtrace_ecb_create_cache = ecb);
 }

More information about the svn-src-all mailing list