Date: Thu, 22 Oct 2015 21:23:58 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r289768 - head/sys/amd64/linux32 Message-ID: <201510222123.t9MLNwOm055522@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Thu Oct 22 21:23:58 2015 New Revision: 289768 URL: https://svnweb.freebsd.org/changeset/base/289768 Log: Merge r289055 to amd64/linux32: linux: fix handling of out-of-bounds syscall attempts Due to an off by one the code would read an entry past the table, as opposed to the last entry which contains the nosys handler. Modified: head/sys/amd64/linux32/linux32_sysvec.c Modified: head/sys/amd64/linux32/linux32_sysvec.c ============================================================================== --- head/sys/amd64/linux32/linux32_sysvec.c Thu Oct 22 21:13:35 2015 (r289767) +++ head/sys/amd64/linux32/linux32_sysvec.c Thu Oct 22 21:23:58 2015 (r289768) @@ -741,7 +741,7 @@ linux32_fetch_syscall_args(struct thread if (sa->code >= p->p_sysent->sv_size) /* nosys */ - sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL]; + sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1]; else sa->callp = &p->p_sysent->sv_table[sa->code]; sa->narg = sa->callp->sy_narg;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201510222123.t9MLNwOm055522>