Subject: port-i386/919: i386 console ioctl with pitch==0 will crash kernel
To: None <gnats-admin@NetBSD.ORG>
From: John Kohl <jtk@kolvir.blrc.ma.us>
List: netbsd-bugs
Date: 03/28/1995 17:20:03
>Number:         919
>Category:       port-i386
>Synopsis:       console beeping via CONSOLE_X_BELL or KDMKTONE can crash system
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 28 17:20:01 1995
>Originator:     John Kohl
>Organization:
NetBSD Kernel Hackers `R` Us
>Release:        -current
>Environment:
	
System: NetBSD kolvir 1.0A NetBSD 1.0A (KOLVIR) #150: Tue Mar 28 18:49:21 EST 1995 jtk@kolvir:/u1/NetBSD-current/src/sys/arch/i386/compile/KOLVIR i386


>Description:
Calling an ioctl() to emit a tone with pitch==0 on the keyboard will
crash a system with an integer divide fault in kernel mode.

>How-To-Repeat:
	int zeros[2] = {0, 0};
	ioctl(fd, CONSOLE_X_BELL, zeros);	/* pccons */
	ioctl(fd, KDMKTONE, zeros);		/* pcvt */
>Fix:
===================================================================
RCS file: RCS/clock.c,v
retrieving revision 1.1
diff -ubw -r1.1 clock.c
--- 1.1	1995/03/29 00:50:48
+++ clock.c	1995/03/29 00:58:59
@@ -237,6 +237,11 @@
 
 	if (beeping)
 		untimeout(sysbeepstop, 0);
+	if (pitch == 0 || period == 0) {
+	    sysbeepstop();
+	    last_pitch = 0;
+	    return;
+	}
 	if (!beeping || last_pitch != pitch) {
 		disable_intr();
 		outb(TIMER_MODE, TIMER_SEL2 | TIMER_16BIT | TIMER_SQWAVE);
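Review bot: In the added `if (pitch == 0 || period == 0)` block, `sysbeepstop();` is called with no argument, while the line just above cancels the same function as a timeout handler with `untimeout(sysbeepstop, 0)`. If the handler is declared to take an argument, pass the same `0` here so the direct call matches the registered one. The block's body is indented with a tab plus four spaces where the surrounding lines use tabs only, so it should be re-indented to match. A one-line comment stating that a zero pitch would otherwise reach the integer divide described in the report would also help. Placing the guard here rather than in each console driver is a good choice, since both the pccons (CONSOLE_X_BELL) and pcvt (KDMKTONE) paths in How-To-Repeat are then covered by one check.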
>Audit-Trail:
>Unformatted: