From owner-svn-src-head@freebsd.org  Mon Jan  8 07:47:08 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 730C9E7E2EB;
 Mon,  8 Jan 2018 07:47:08 +0000 (UTC)
 (envelope-from andrew@fubar.geek.nz)
Received: from fry.fubar.geek.nz (fry.fubar.geek.nz [139.59.165.16])
 by mx1.freebsd.org (Postfix) with ESMTP id CEBAB6E9AF;
 Mon,  8 Jan 2018 07:47:05 +0000 (UTC)
 (envelope-from andrew@fubar.geek.nz)
Received: from [IPv6:2a02:c7f:1e13:cf00:341b:263b:a811:3894] (unknown
 [IPv6:2a02:c7f:1e13:cf00:341b:263b:a811:3894])
 by fry.fubar.geek.nz (Postfix) with ESMTPSA id B75784EBDB;
 Mon,  8 Jan 2018 07:37:45 +0000 (UTC)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Subject: Re: svn commit: r327684 - in head/sys/compat: cloudabi32 cloudabi64
From: Andrew Turner <andrew@fubar.geek.nz>
In-Reply-To: <201801072238.w07McjLP099234@repo.freebsd.org>
Date: Mon, 8 Jan 2018 07:37:44 +0000
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <8D8CA434-2A87-44D9-AC27-5166802FBBC2@fubar.geek.nz>
References: <201801072238.w07McjLP099234@repo.freebsd.org>
To: Ed Schouten <ed@FreeBSD.org>
X-Mailer: Apple Mail (2.3445.5.20)
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jan 2018 07:47:08 -0000


> On 7 Jan 2018, at 22:38, Ed Schouten <ed@FreeBSD.org> wrote:
>=20
> Author: ed
> Date: Sun Jan  7 22:38:45 2018
> New Revision: 327684
> URL: https://svnweb.freebsd.org/changeset/base/327684
>=20
> Log:
>  Use mallocarray(9) in CloudABI kernel code where possible.
>=20
>  Submitted by:	pfg@
>=20
> Modified:
>  head/sys/compat/cloudabi32/cloudabi32_sock.c
>  head/sys/compat/cloudabi64/cloudabi64_sock.c
>=20
> Modified: head/sys/compat/cloudabi32/cloudabi32_sock.c
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/sys/compat/cloudabi32/cloudabi32_sock.c	Sun Jan  7 =
22:21:07 2018	(r327683)
> +++ head/sys/compat/cloudabi32/cloudabi32_sock.c	Sun Jan  7 =
22:38:45 2018	(r327684)
> @@ -60,7 +60,7 @@ cloudabi32_sys_sock_recv(struct thread *td,
> 	/* Convert iovecs to native format. */
> 	if (ri.ri_data_len > UIO_MAXIOV)
> 		return (EINVAL);
> -	iov =3D malloc(ri.ri_data_len * sizeof(struct iovec),
> +	iov =3D mallocarray(ri.ri_data_len, sizeof(struct iovec),
> 	    M_SOCKET, M_WAITOK);

Won=E2=80=99t this lead to a NULL pointer dereference on overflow? =
mallocarray can return NULL even with M_WAITOK.

Andrew