Date: Tue, 30 May 2017 21:17:46 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 219525] Multiple bugs in mpr ioctl handler Message-ID: <bug-219525-8-UUvnvKcwKV@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-219525-8@https.bugs.freebsd.org/bugzilla/> References: <bug-219525-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219525 --- Comment #3 from Stephen McConnell <slm@freebsd.org> --- OK. I see what you're saying. The check makes sure that data is not copied to invalid space, but it does not check if the bytes are valid. That's true. Maybe it's better like this: if (status == 0) { if (copyout((void *)sc->recorded_events, PTRIN(data->PtrEvents), min(size, sizeof(sc->recorded_events))) != 0) status = EFAULT; } Then, it just copies out as many valid bytes as it can, and no 'else' part. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-219525-8-UUvnvKcwKV>