netbsd-bugs: bin/22391: page fault in ioctl()

Subject: bin/22391: page fault in ioctl()
To: None <gnats-bugs@gnats.netbsd.org>
From: SAITOH Masanobu <masanobu@iij.ad.jp>
List: netbsd-bugs
Date: 08/07/2003 14:20:23

>Number:         22391
>Category:       bin
>Synopsis:       page fault in ioctl()
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 07 05:21:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     SAITOH Masanobu
>Release:        1.5.x, 1.6.x
>Organization:
>Environment:
all
>Description:
	ioctl(TIOCFLUSH) in sys_bsd.c::TerminalFlushOutput() fails
	because it does null pointer access (and call pcb_onfault).

>How-To-Repeat:
	send ^T via telnet on slow terminal
>Fix:
	Following patch fixes this problem.
	On OpenBSD, it takes FWRITE flasg only. I don't know it's
	true or not.
	It seems FreeBSD have the same problem.


 TerminalFlushOutput()
 {
 #ifdef TIOCFLUSH
+    int com = 0;
 
-    (void) ioctl(fileno(stdout), TIOCFLUSH, (char *) 0);
+    (void) ioctl(fileno(stdout), TIOCFLUSH, (char *) &com);
 #else
     (void) ioctl(fileno(stdout), TCFLSH, (char *) 0);
 #endif

>Release-Note:
>Audit-Trail:
>Unformatted: