svn commit: r237036 - in head/sys: kern netsmb
Pawel Jakub Dawidek
pjd at FreeBSD.org
Wed Jun 13 22:12:12 UTC 2012
Author: pjd
Date: Wed Jun 13 22:12:10 2012
New Revision: 237036
URL: http://svn.freebsd.org/changeset/base/237036
Log:
When checking if file descriptor number is valid, explicitely check for 'fd'
being less than 0 instead of using cast-to-unsigned hack.
Today's commit was brought to you by the letters 'B', 'D' and 'E' :)
Modified:
head/sys/kern/kern_descrip.c
head/sys/kern/uipc_usrreq.c
head/sys/netsmb/smb_dev.c
Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c Wed Jun 13 21:53:40 2012 (r237035)
+++ head/sys/kern/kern_descrip.c Wed Jun 13 22:12:10 2012 (r237036)
@@ -243,7 +243,7 @@ fd_last_used(struct filedesc *fdp, int s
static int
fdisused(struct filedesc *fdp, int fd)
{
- KASSERT((unsigned int)fd < fdp->fd_nfiles,
+ KASSERT(fd >= 0 && fd < fdp->fd_nfiles,
("file descriptor %d out of range (0, %d)", fd, fdp->fd_nfiles));
return ((fdp->fd_map[NDSLOT(fd)] & NDBIT(fd)) != 0);
}
@@ -433,7 +433,7 @@ fdtofp(int fd, struct filedesc *fdp)
FILEDESC_LOCK_ASSERT(fdp);
- if ((unsigned)fd >= fdp->fd_nfiles)
+ if (fd < 0 || fd >= fdp->fd_nfiles)
return (NULL);
return (fdp->fd_ofiles[fd]);
@@ -677,7 +677,7 @@ kern_fcntl(struct thread *td, int fd, in
vfslocked = 0;
/* Check for race with close */
FILEDESC_SLOCK(fdp);
- if ((unsigned) fd >= fdp->fd_nfiles ||
+ if (fd < 0 || fd >= fdp->fd_nfiles ||
fp != fdp->fd_ofiles[fd]) {
FILEDESC_SUNLOCK(fdp);
flp->l_whence = SEEK_SET;
@@ -1197,7 +1197,7 @@ kern_close(td, fd)
AUDIT_SYSCLOSE(td, fd);
FILEDESC_XLOCK(fdp);
- if ((unsigned)fd >= fdp->fd_nfiles ||
+ if (fd < 0 || fd >= fdp->fd_nfiles ||
(fp = fdp->fd_ofiles[fd]) == NULL) {
FILEDESC_XUNLOCK(fdp);
return (EBADF);
@@ -1500,7 +1500,7 @@ fdalloc(struct thread *td, int minfd, in
* Perform some sanity checks, then mark the file descriptor as
* used and return it to the caller.
*/
- KASSERT((unsigned int)fd < min(maxfd, fdp->fd_nfiles),
+ KASSERT(fd >= 0 && fd < min(maxfd, fdp->fd_nfiles),
("invalid descriptor %d", fd));
KASSERT(!fdisused(fdp, fd),
("fd_first_free() returned non-free descriptor"));
@@ -2213,7 +2213,7 @@ fget_unlocked(struct filedesc *fdp, int
struct file *fp;
u_int count;
- if ((unsigned int)fd >= fdp->fd_nfiles)
+ if (fd < 0 || fd >= fdp->fd_nfiles)
return (NULL);
/*
* Fetch the descriptor locklessly. We avoid fdrop() races by
@@ -2602,7 +2602,7 @@ dupfdopen(struct thread *td, struct file
* closed, then reject.
*/
FILEDESC_XLOCK(fdp);
- if ((unsigned int)dfd >= fdp->fd_nfiles ||
+ if (dfd < 0 || dfd >= fdp->fd_nfiles ||
(fp = fdp->fd_ofiles[dfd]) == NULL) {
FILEDESC_XUNLOCK(fdp);
return (EBADF);
Modified: head/sys/kern/uipc_usrreq.c
==============================================================================
--- head/sys/kern/uipc_usrreq.c Wed Jun 13 21:53:40 2012 (r237035)
+++ head/sys/kern/uipc_usrreq.c Wed Jun 13 22:12:10 2012 (r237036)
@@ -1872,7 +1872,7 @@ unp_internalize(struct mbuf **controlp,
FILEDESC_SLOCK(fdescp);
for (i = 0; i < oldfds; i++) {
fd = *fdp++;
- if ((unsigned)fd >= fdescp->fd_nfiles ||
+ if (fd < 0 || fd >= fdescp->fd_nfiles ||
fdescp->fd_ofiles[fd] == NULL) {
FILEDESC_SUNLOCK(fdescp);
error = EBADF;
Modified: head/sys/netsmb/smb_dev.c
==============================================================================
--- head/sys/netsmb/smb_dev.c Wed Jun 13 21:53:40 2012 (r237035)
+++ head/sys/netsmb/smb_dev.c Wed Jun 13 22:12:10 2012 (r237036)
@@ -375,7 +375,7 @@ nsmb_getfp(struct filedesc* fdp, int fd,
struct file* fp;
FILEDESC_SLOCK(fdp);
- if (((u_int)fd) >= fdp->fd_nfiles ||
+ if (fd < 0 || fd >= fdp->fd_nfiles ||
(fp = fdp->fd_ofiles[fd]) == NULL ||
(fp->f_flag & flag) == 0) {
FILEDESC_SUNLOCK(fdp);
More information about the svn-src-head
mailing list