Date: Tue, 7 Jun 2011 05:04:37 +0000 (UTC) From: "Kenneth D. Merry" <ken@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r222804 - head/sys/kern Message-ID: <201106070504.p5754bsm066431@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ken Date: Tue Jun 7 05:04:37 2011 New Revision: 222804 URL: http://svn.freebsd.org/changeset/base/222804 Log: Set pca.p_bufr to NULL when we haven't allocated a buffer. Otherwise, p_bufr is set to garbage on the stack, and if that garbage happens to be non-NULL, and the TOLOG or TOCONS flag is set, putbuf() will get called and attempt to fill the non-existent buffer. This is really only relevant for tprintf() (and only when the priority is not -1), but set it in uprintf() and ttyprintf() for completeness. The next step, to avoid log buffer scrambling, would be to add the PRINTF_BUFR_SIZE code to tprintf(), but this should prevent panics. Submitted by: rmacklem Found by: pho Modified: head/sys/kern/subr_prf.c Modified: head/sys/kern/subr_prf.c ============================================================================== --- head/sys/kern/subr_prf.c Tue Jun 7 04:38:33 2011 (r222803) +++ head/sys/kern/subr_prf.c Tue Jun 7 05:04:37 2011 (r222804) @@ -163,6 +163,7 @@ uprintf(const char *fmt, ...) goto out; } pca.flags = TOTTY; + pca.p_bufr = NULL; va_start(ap, fmt); tty_lock(pca.tty); retval = kvprintf(fmt, putchar, &pca, 10, ap); @@ -206,6 +207,7 @@ tprintf(struct proc *p, int pri, const c pca.pri = pri; pca.tty = tp; pca.flags = flags; + pca.p_bufr = NULL; va_start(ap, fmt); if (pca.tty != NULL) tty_lock(pca.tty); @@ -234,6 +236,7 @@ ttyprintf(struct tty *tp, const char *fm va_start(ap, fmt); pca.tty = tp; pca.flags = TOTTY; + pca.p_bufr = NULL; retval = kvprintf(fmt, putchar, &pca, 10, ap); va_end(ap); return (retval);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201106070504.p5754bsm066431>