Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Avoid overflow by checking the count argument (Christer Oeberg).

Browse Source 
- While I am here, don't leak fds either.
This commit is contained in:
christos 2005-09-12 20:54:38 +00:00
parent 49840169c0
commit d9f67be7fe
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sys/compat/darwin/darwin_mman.c
View File

@ -1,6 +1,6 @@
#undef DEBUG_DARWIN
#undef DEBUG_MACH
/* $NetBSD: darwin_mman.c,v 1.15 2005/02/26 23:10:18 perry Exp $ */
/* $NetBSD: darwin_mman.c,v 1.16 2005/09/12 20:54:38 christos Exp $ */
/*-
* Copyright (c) 2002 The NetBSD Foundation, Inc.
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: darwin_mman.c,v 1.15 2005/02/26 23:10:18 perry Exp $");
__KERNEL_RCSID(0, "$NetBSD: darwin_mman.c,v 1.16 2005/09/12 20:54:38 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -138,12 +138,9 @@ darwin_sys_load_shared_file(l, v, retval)
vp = (struct vnode *)fp->f_data;
vref(vp);
/* XXX maximum count ? */
if (SCARG(uap, count) < 0)
return EINVAL;
maplen = sizeof(*mapp) * SCARG(uap, count);
if (maplen > PAGE_SIZE) {
error = ENOMEM;
if (SCARG(uap, count) < 0 ||
SCARG(uap, count) > PAGE_SIZE / sizeof(*mapp)) {
errno = EINVAL;
goto bad3;
}
mapp = malloc(sizeof(*mapp) * SCARG(uap, count), M_TEMP, M_WAITOK);