Sync with i386/locore.S 1.33:

Check the passed in address as well as determining the maximum length using VM_MAXUSER_ADDRESS in copyinstr and copyoutstr. Problem originally fixed in OpenBSD/i386. This fix suggested by Charles Hannum (mycroft at netbsd dot org).
2005-03-16 14:52:29 +00:00 · 2005-03-16 14:52:29 +00:00 · a982855f7e
parent 57283c37bb
commit a982855f7e
1 changed files with 3 additions and 1 deletions
--- a/sys/arch/xen/i386/locore.S
+++ b/sys/arch/xen/i386/locore.S
@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.9 2005/03/09 22:39:20 bouyer Exp $	*/
+/*	$NetBSD: locore.S,v 1.10 2005/03/16 14:52:29 bouyer Exp $	*/
 /*	NetBSD: locore.S,v 1.31 2004/08/26 10:12:33 junyoung Exp	*/

 /*-
@ -929,6 +929,7 @@ ENTRY(copyoutstr)
 	 */
 	movl	$VM_MAXUSER_ADDRESS,%eax
 	subl	%edi,%eax
+	jc	_C_LABEL(copystr_efault)
 	cmpl	%edx,%eax
 	jae	1f
 	movl	%eax,%edx
@ -983,6 +984,7 @@ ENTRY(copyinstr)
 	 */
 	movl	$VM_MAXUSER_ADDRESS,%eax
 	subl	%esi,%eax
+	jc	_C_LABEL(copystr_efault)
 	cmpl	%edx,%eax
 	jae	1f
 	movl	%eax,%edx