Source-Changes-HG archive


[src/trunk]: src/sys correct range check, have overflow check, fix type misma...



details:   https://anonhg.NetBSD.org/src/rev/0818d787014c
branches:  trunk
changeset: 534785:0818d787014c
user:      itojun <itojun%NetBSD.org@localhost>
date:      Sat Aug 03 00:12:48 2002 +0000

description:
correct range check, have overflow check, fix type mismatches,
for cmap args and some other calls.  from openbsd

diffstat:

 sys/arch/amiga/dev/grf_cl.c         |   8 ++--
 sys/arch/amiga/dev/grf_cv.c         |   8 ++--
 sys/arch/amiga/dev/grf_et.c         |   8 ++--
 sys/arch/amiga/dev/grf_rh.c         |   8 ++--
 sys/arch/amiga/dev/grf_rt.c         |   8 ++--
 sys/arch/amiga/dev/grf_ul.c         |   8 ++--
 sys/arch/amiga/dev/view.c           |   6 ++-
 sys/arch/hp300/hp300/hpux_machdep.c |   7 ++-
 sys/arch/i386/i386/sys_machdep.c    |   7 ++-
 sys/arch/sparc/dev/cgfourteen.c     |  72 ++++++++++++++++++------------------
 sys/arch/sparc/dev/cgtwo.c          |   6 +-
 sys/arch/sun3/dev/bt_subr.c         |   6 +-
 sys/arch/sun3/dev/cg2.c             |   6 +-
 sys/arch/sun3/dev/cg4.c             |  14 +++---
 sys/compat/hpux/hpux_compat.c       |  15 ++++---
 sys/compat/ibcs2/ibcs2_stat.c       |   9 +++-
 sys/dev/ic/bt463.c                  |  13 +++---
 sys/dev/ic/bt485.c                  |  12 +++---
 sys/dev/ic/ibm561.c                 |  16 +++----
 sys/dev/ic/igsfb.c                  |   8 ++--
 sys/ufs/lfs/lfs_syscalls.c          |   8 +++-
 21 files changed, 135 insertions(+), 118 deletions(-)

diffs (truncated from 796 to 300 lines):

diff -r f41ae5daccaa -r 0818d787014c sys/arch/amiga/dev/grf_cl.c
--- a/sys/arch/amiga/dev/grf_cl.c       Fri Aug 02 23:35:06 2002 +0000
+++ b/sys/arch/amiga/dev/grf_cl.c       Sat Aug 03 00:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: grf_cl.c,v 1.30 2002/05/14 00:08:21 matt Exp $ */
+/*     $NetBSD: grf_cl.c,v 1.31 2002/08/03 00:12:53 itojun Exp $ */
 
 /*
  * Copyright (c) 1997 Klaus Burkert
@@ -36,7 +36,7 @@
 #include "opt_amigacons.h"
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: grf_cl.c,v 1.30 2002/05/14 00:08:21 matt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: grf_cl.c,v 1.31 2002/08/03 00:12:53 itojun Exp $");
 
 #include "grfcl.h"
 #if NGRFCL > 0
@@ -1100,7 +1100,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return 0;
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        ba = gfp->g_regkva;
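Review bot: Negative values are still not rejected around the rewritten clamp, because the visible guards only test `cmap->count == 0` and `cmap->index >= 256`. If `index` and `count` are signed (their declaration is not in the hunk), a negative `index` passes both tests and makes `256 - cmap->index` larger than 256, and a negative `count` is never clamped. Either make the fields unsigned or add `if (cmap->index < 0 || cmap->count < 0) return EINVAL;` ahead of the clamp. The same applies to the second hunk of this file and to the grf_cv.c, grf_et.c, grf_rh.c, grf_rt.c and grf_ul.c hunks (the last compares against `mxidx`). The enclosing functions start and end outside the hunks.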
@@ -1168,7 +1168,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return (0);
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        /* first copy the colors into kernelspace */
diff -r f41ae5daccaa -r 0818d787014c sys/arch/amiga/dev/grf_cv.c
--- a/sys/arch/amiga/dev/grf_cv.c       Fri Aug 02 23:35:06 2002 +0000
+++ b/sys/arch/amiga/dev/grf_cv.c       Sat Aug 03 00:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: grf_cv.c,v 1.30 2002/03/17 19:40:28 atatat Exp $ */
+/*     $NetBSD: grf_cv.c,v 1.31 2002/08/03 00:12:54 itojun Exp $ */
 
 /*
  * Copyright (c) 1995 Michael Teske
@@ -33,7 +33,7 @@
 #include "opt_amigacons.h"
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: grf_cv.c,v 1.30 2002/03/17 19:40:28 atatat Exp $");
+__KERNEL_RCSID(0, "$NetBSD: grf_cv.c,v 1.31 2002/08/03 00:12:54 itojun Exp $");
 
 #include "grfcv.h"
 #if NGRFCV > 0
@@ -1047,7 +1047,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return (0);
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        /* first read colors out of the chip, then copyout to userspace */
@@ -1085,7 +1085,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return (0);
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        /* first copy the colors into kernelspace */
diff -r f41ae5daccaa -r 0818d787014c sys/arch/amiga/dev/grf_et.c
--- a/sys/arch/amiga/dev/grf_et.c       Fri Aug 02 23:35:06 2002 +0000
+++ b/sys/arch/amiga/dev/grf_et.c       Sat Aug 03 00:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: grf_et.c,v 1.15 2002/03/17 19:40:29 atatat Exp $ */
+/*     $NetBSD: grf_et.c,v 1.16 2002/08/03 00:12:55 itojun Exp $ */
 
 /*
  * Copyright (c) 1997 Klaus Burkert
@@ -37,7 +37,7 @@
 #include "opt_amigacons.h"
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: grf_et.c,v 1.15 2002/03/17 19:40:29 atatat Exp $");
+__KERNEL_RCSID(0, "$NetBSD: grf_et.c,v 1.16 2002/08/03 00:12:55 itojun Exp $");
 
 #include "grfet.h"
 #if NGRFET > 0
@@ -834,7 +834,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return 0;
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        ba = gfp->g_regkva;
@@ -885,7 +885,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return (0);
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        /* first copy the colors into kernelspace */
diff -r f41ae5daccaa -r 0818d787014c sys/arch/amiga/dev/grf_rh.c
--- a/sys/arch/amiga/dev/grf_rh.c       Fri Aug 02 23:35:06 2002 +0000
+++ b/sys/arch/amiga/dev/grf_rh.c       Sat Aug 03 00:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: grf_rh.c,v 1.35 2002/03/17 19:40:29 atatat Exp $ */
+/*     $NetBSD: grf_rh.c,v 1.36 2002/08/03 00:12:55 itojun Exp $ */
 
 /*
  * Copyright (c) 1994 Markus Wild
@@ -34,7 +34,7 @@
 #include "opt_retina.h"
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: grf_rh.c,v 1.35 2002/03/17 19:40:29 atatat Exp $");
+__KERNEL_RCSID(0, "$NetBSD: grf_rh.c,v 1.36 2002/08/03 00:12:55 itojun Exp $");
 
 #include "grfrh.h"
 #if NGRFRH > 0
@@ -1803,7 +1803,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return 0;
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        ba = gfp->g_regkva;
@@ -1838,7 +1838,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return(0);
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        /* first copy the colors into kernelspace */
diff -r f41ae5daccaa -r 0818d787014c sys/arch/amiga/dev/grf_rt.c
--- a/sys/arch/amiga/dev/grf_rt.c       Fri Aug 02 23:35:06 2002 +0000
+++ b/sys/arch/amiga/dev/grf_rt.c       Sat Aug 03 00:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: grf_rt.c,v 1.42 2002/03/17 19:40:30 atatat Exp $ */
+/*     $NetBSD: grf_rt.c,v 1.43 2002/08/03 00:12:56 itojun Exp $ */
 
 /*
  * Copyright (c) 1993 Markus Wild
@@ -33,7 +33,7 @@
 #include "opt_amigacons.h"
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: grf_rt.c,v 1.42 2002/03/17 19:40:30 atatat Exp $");
+__KERNEL_RCSID(0, "$NetBSD: grf_rt.c,v 1.43 2002/08/03 00:12:56 itojun Exp $");
 
 #include "grfrt.h"
 #if NGRFRT > 0
@@ -1128,7 +1128,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return (0);
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        ba = gfp->g_regkva;
@@ -1164,7 +1164,7 @@
        if (cmap->count == 0 || cmap->index >= 256)
                return 0;
 
-       if (cmap->index + cmap->count > 256)
+       if (cmap->count > 256 - cmap->index)
                cmap->count = 256 - cmap->index;
 
        /* first copy the colors into kernelspace */
diff -r f41ae5daccaa -r 0818d787014c sys/arch/amiga/dev/grf_ul.c
--- a/sys/arch/amiga/dev/grf_ul.c       Fri Aug 02 23:35:06 2002 +0000
+++ b/sys/arch/amiga/dev/grf_ul.c       Sat Aug 03 00:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: grf_ul.c,v 1.31 2002/03/17 19:40:30 atatat Exp $ */
+/*     $NetBSD: grf_ul.c,v 1.32 2002/08/03 00:12:57 itojun Exp $ */
 #define UL_DEBUG
 
 /*-
@@ -40,7 +40,7 @@
 #include "opt_amigacons.h"
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: grf_ul.c,v 1.31 2002/03/17 19:40:30 atatat Exp $");
+__KERNEL_RCSID(0, "$NetBSD: grf_ul.c,v 1.32 2002/08/03 00:12:57 itojun Exp $");
 
 #include "grful.h"
 #if NGRFUL > 0
@@ -798,7 +798,7 @@
        if (cmap->count == 0 || cmap->index >= mxidx)
                return 0;
 
-       if (cmap->index + cmap->count > mxidx)
+       if (cmap->count > mxidx - cmap->index)
                cmap->count = mxidx - cmap->index;
 
        /* just copyout from the shadow color map */
@@ -841,7 +841,7 @@
        if (cmap->count == 0 || cmap->index >= mxidx)
                return 0;
 
-       if (cmap->index + cmap->count > mxidx)
+       if (cmap->count > mxidx - cmap->index)
                cmap->count = mxidx - cmap->index;
 
        /* first copyin to our shadow color map */
diff -r f41ae5daccaa -r 0818d787014c sys/arch/amiga/dev/view.c
--- a/sys/arch/amiga/dev/view.c Fri Aug 02 23:35:06 2002 +0000
+++ b/sys/arch/amiga/dev/view.c Sat Aug 03 00:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: view.c,v 1.20 2002/03/17 19:40:32 atatat Exp $ */
+/*     $NetBSD: view.c,v 1.21 2002/08/03 00:12:58 itojun Exp $ */
 
 /*
  * Copyright (c) 1994 Christian E. Hopps
@@ -38,7 +38,7 @@
  * a interface to graphics. */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: view.c,v 1.20 2002/03/17 19:40:32 atatat Exp $");
+__KERNEL_RCSID(0, "$NetBSD: view.c,v 1.21 2002/08/03 00:12:58 itojun Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -334,6 +334,8 @@
        u_long *uep;
 
        /* add one incase of zero, ick. */
+       if (ucm->size + 1 > SIZE_T_MAX / sizeof(u_long))
+               return EINVAL;
        cme = malloc(sizeof (u_long)*(ucm->size + 1), M_IOCTLOPS, M_WAITOK);
        if (cme == NULL)
                return(ENOMEM);
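Review bot: The added check evaluates `ucm->size + 1` before comparing, so the addition can itself wrap when `size` holds the largest value of its type (the type is not visible in the hunk), and a wrapped result of 0 would pass the test. Comparing without the addition avoids this: `if (ucm->size >= SIZE_T_MAX / sizeof(u_long))`. The request also stays bounded only by SIZE_T_MAX, so a cap tied to the colormap's real maximum would be tighter if the rest of the function, which is outside the hunk, has one to offer.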
diff -r f41ae5daccaa -r 0818d787014c sys/arch/hp300/hp300/hpux_machdep.c
--- a/sys/arch/hp300/hp300/hpux_machdep.c       Fri Aug 02 23:35:06 2002 +0000
+++ b/sys/arch/hp300/hp300/hpux_machdep.c       Sat Aug 03 00:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: hpux_machdep.c,v 1.29 2002/07/04 23:32:03 thorpej Exp $        */
+/*     $NetBSD: hpux_machdep.c,v 1.30 2002/08/03 00:12:58 itojun Exp $ */
 
 /*-
  * Copyright (c) 1996, 1997, 1998 The NetBSD Foundation, Inc.
@@ -78,7 +78,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hpux_machdep.c,v 1.29 2002/07/04 23:32:03 thorpej Exp $");                                                  
+__KERNEL_RCSID(0, "$NetBSD: hpux_machdep.c,v 1.30 2002/08/03 00:12:58 itojun Exp $");                                                  
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -280,6 +280,9 @@
        int l, i, error = 0;
        int len; 
 
+       if (SCARG(uap, len) <= 0)
+               return (EINVAL);
+
        for (i = 0; context_table[i].str != NULL; i++)
                if (context_table[i].val == fputype)
                        break;
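Review bot: The new `SCARG(uap, len) <= 0` guard has no comment saying which later use it protects, and that use lies below the table lookup, outside the hunk. If the length does bound a copy to user space further down, a line such as `/* user-supplied buffer length; must be positive before it bounds the copy below */` would record the intent. Only the lower bound is checked here; whether an upper bound is also needed cannot be judged from the visible lines.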
diff -r f41ae5daccaa -r 0818d787014c sys/arch/i386/i386/sys_machdep.c
--- a/sys/arch/i386/i386/sys_machdep.c  Fri Aug 02 23:35:06 2002 +0000
+++ b/sys/arch/i386/i386/sys_machdep.c  Sat Aug 03 00:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sys_machdep.c,v 1.62 2002/03/22 18:41:40 christos Exp $        */
+/*     $NetBSD: sys_machdep.c,v 1.63 2002/08/03 00:12:48 itojun Exp $  */
 
 /*-
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_machdep.c,v 1.62 2002/03/22 18:41:40 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_machdep.c,v 1.63 2002/08/03 00:12:48 itojun Exp $");
 
 #include "opt_vm86.h"
 #include "opt_user_ldt.h"
@@ -123,7 +123,8 @@
            ua.num, ua.desc);
 #endif
 
-       if (ua.start < 0 || ua.num < 0)
+       if (ua.start < 0 || ua.num < 0 || ua.start > 8192 || ua.num > 8192 ||
+           ua.start + ua.num > 8192)
                return (EINVAL);
 
        /*
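Review bot: The bound 8192 appears three times in the new condition with no name or comment saying what it is. A named constant, or at least a comment such as `/* 8192: presumably the maximum number of descriptors in an LDT; confirm */`, would keep the three uses in step. It would also show that `ua.start + ua.num` cannot overflow only because both operands are capped first, so the order of the tests matters. The enclosing function begins and ends outside the hunk.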
diff -r f41ae5daccaa -r 0818d787014c sys/arch/sparc/dev/cgfourteen.c


