Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys integer overflow. from silvio%qualys.com@localhost
details: https://anonhg.NetBSD.org/src/rev/782a1c9f36e3
branches: trunk
changeset: 534936:782a1c9f36e3
user: itojun <itojun%NetBSD.org@localhost>
date: Tue Aug 06 22:51:45 2002 +0000
description:
integer overflow. from silvio%qualys.com@localhost
diffstat:
sys/arch/hpcmips/dev/ite8181.c | 4 ++--
sys/arch/hpcmips/dev/mq200.c | 4 ++--
sys/dev/sun/bt_subr.c | 6 +++---
sys/dev/tc/cfb.c | 6 +++---
sys/dev/tc/sfb.c | 6 +++---
sys/dev/tc/xcfb.c | 6 +++---
6 files changed, 16 insertions(+), 16 deletions(-)
diffs (144 lines):
diff -r 33b390dd52b2 -r 782a1c9f36e3 sys/arch/hpcmips/dev/ite8181.c
--- a/sys/arch/hpcmips/dev/ite8181.c Tue Aug 06 22:50:37 2002 +0000
+++ b/sys/arch/hpcmips/dev/ite8181.c Tue Aug 06 22:51:45 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ite8181.c,v 1.16 2002/03/17 19:40:39 atatat Exp $ */
+/* $NetBSD: ite8181.c,v 1.17 2002/08/06 22:53:37 itojun Exp $ */
/*-
* Copyright (c) 2000,2001 SATO Kazumi
@@ -645,7 +645,7 @@
if (sc->sc_fbconf.hf_class != HPCFB_CLASS_INDEXCOLOR ||
sc->sc_fbconf.hf_pack_width != 8 ||
256 <= cmap->index ||
- 256 < (cmap->index + cmap->count))
+ 256 - cmap->index < cmap->count)
return (EINVAL);
if (!uvm_useracc(cmap->red, cmap->count, B_WRITE) ||
diff -r 33b390dd52b2 -r 782a1c9f36e3 sys/arch/hpcmips/dev/mq200.c
--- a/sys/arch/hpcmips/dev/mq200.c Tue Aug 06 22:50:37 2002 +0000
+++ b/sys/arch/hpcmips/dev/mq200.c Tue Aug 06 22:51:45 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mq200.c,v 1.20 2002/04/14 06:07:41 takemura Exp $ */
+/* $NetBSD: mq200.c,v 1.21 2002/08/06 22:54:00 itojun Exp $ */
/*-
* Copyright (c) 2000, 2001 TAKEMURA Shin
@@ -479,7 +479,7 @@
if (sc->sc_fbconf.hf_class != HPCFB_CLASS_INDEXCOLOR ||
sc->sc_fbconf.hf_pack_width != 8 ||
256 <= cmap->index ||
- 256 < (cmap->index + cmap->count))
+ 256 - cmap->index < cmap->count)
return (EINVAL);
#if 0
diff -r 33b390dd52b2 -r 782a1c9f36e3 sys/dev/sun/bt_subr.c
--- a/sys/dev/sun/bt_subr.c Tue Aug 06 22:50:37 2002 +0000
+++ b/sys/dev/sun/bt_subr.c Tue Aug 06 22:51:45 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bt_subr.c,v 1.2 2001/11/13 06:54:32 lukem Exp $ */
+/* $NetBSD: bt_subr.c,v 1.3 2002/08/06 22:51:45 itojun Exp $ */
/*
* Copyright (c) 1993
@@ -45,7 +45,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bt_subr.c,v 1.2 2001/11/13 06:54:32 lukem Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bt_subr.c,v 1.3 2002/08/06 22:51:45 itojun Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -83,7 +83,7 @@
start = p->index;
count = p->count;
- if (start >= cmsize || start + count > cmsize)
+ if (start >= cmsize || count > cmsize - start)
return (EINVAL);
if (uspace) {
diff -r 33b390dd52b2 -r 782a1c9f36e3 sys/dev/tc/cfb.c
--- a/sys/dev/tc/cfb.c Tue Aug 06 22:50:37 2002 +0000
+++ b/sys/dev/tc/cfb.c Tue Aug 06 22:51:45 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cfb.c,v 1.33 2002/07/04 14:37:13 junyoung Exp $ */
+/* $NetBSD: cfb.c,v 1.34 2002/08/06 22:52:30 itojun Exp $ */
/*
* Copyright (c) 1998, 1999 Tohru Nishimura. All rights reserved.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cfb.c,v 1.33 2002/07/04 14:37:13 junyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cfb.c,v 1.34 2002/08/06 22:52:30 itojun Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -672,7 +672,7 @@
{
u_int index = p->index, count = p->count;
- if (index >= CMAP_SIZE || (index + count) > CMAP_SIZE)
+ if (index >= CMAP_SIZE || count) > CMAP_SIZE - index)
return (EINVAL);
if (!uvm_useracc(p->red, count, B_WRITE) ||
diff -r 33b390dd52b2 -r 782a1c9f36e3 sys/dev/tc/sfb.c
--- a/sys/dev/tc/sfb.c Tue Aug 06 22:50:37 2002 +0000
+++ b/sys/dev/tc/sfb.c Tue Aug 06 22:51:45 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sfb.c,v 1.52 2002/07/04 14:37:13 junyoung Exp $ */
+/* $NetBSD: sfb.c,v 1.53 2002/08/06 22:52:30 itojun Exp $ */
/*
* Copyright (c) 1998, 1999 Tohru Nishimura. All rights reserved.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sfb.c,v 1.52 2002/07/04 14:37:13 junyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sfb.c,v 1.53 2002/08/06 22:52:30 itojun Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -702,7 +702,7 @@
{
u_int index = p->index, count = p->count;
- if (index >= CMAP_SIZE || (index + count) > CMAP_SIZE)
+ if (index >= CMAP_SIZE || count) > CMAP_SIZE - index)
return (EINVAL);
if (!uvm_useracc(p->red, count, B_WRITE) ||
diff -r 33b390dd52b2 -r 782a1c9f36e3 sys/dev/tc/xcfb.c
--- a/sys/dev/tc/xcfb.c Tue Aug 06 22:50:37 2002 +0000
+++ b/sys/dev/tc/xcfb.c Tue Aug 06 22:51:45 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xcfb.c,v 1.28 2002/07/04 14:37:14 junyoung Exp $ */
+/* $NetBSD: xcfb.c,v 1.29 2002/08/06 22:52:53 itojun Exp $ */
/*
* Copyright (c) 1998, 1999 Tohru Nishimura. All rights reserved.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xcfb.c,v 1.28 2002/07/04 14:37:14 junyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xcfb.c,v 1.29 2002/08/06 22:52:53 itojun Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -553,7 +553,7 @@
{
u_int index = p->index, count = p->count;
- if (index >= CMAP_SIZE || (index + count) > CMAP_SIZE)
+ if (index >= CMAP_SIZE || count > CMAP_SIZE - index)
return (EINVAL);
if (!uvm_useracc(p->red, count, B_WRITE) ||
Home |
Main Index |
Thread Index |
Old Index