Date:      Mon, 6 Jun 2016 22:06:45 +0000 (UTC)
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r301524 - vendor-sys/illumos/dist/uts/common/dtrace
Message-ID:  <201606062206.u56M6jbC040693@repo.freebsd.org>

Author: markj
Date: Mon Jun  6 22:06:45 2016
New Revision: 301524
URL: https://svnweb.freebsd.org/changeset/base/301524

Log:
  7034 negative record sizes should be rejected
  
  Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
  Reviewed by: Bryan Cantrill <bryan@joyent.com>
  Approved by: Matthew Ahrens <mahrens@delphix.com>
  Author: Alex Wilson <alex.wilson@joyent.com>
  
  illumos/illumos-gate@0b8049bfb0e291160e960697b554596289d7f0bc

Modified:
  vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c

Modified: vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c
==============================================================================
--- vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c	Mon Jun  6 21:04:29 2016	(r301523)
+++ vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c	Mon Jun  6 22:06:45 2016	(r301524)
@@ -10427,7 +10427,7 @@ dtrace_ecb_enable(dtrace_ecb_t *ecb)
 	}
 }
 
-static void
+static int
 dtrace_ecb_resize(dtrace_ecb_t *ecb)
 {
 	dtrace_action_t *act;
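Review bot: dtrace_ecb_resize() now returns an errno value but has no header comment above its signature, so the new contract can only be learned by reading the body. A short block comment would help, for example `/* Lay out the ECB's records and update dte_size/dte_needed; returns 0, or EINVAL if adding a record's size would wrap the running offset. */`. The function body continues outside this hunk, so the wording should be checked against the parts not shown here.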
@@ -10461,6 +10461,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 
 			curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
 			rec->dtrd_offset = curneeded;
+			if (curneeded + rec->dtrd_size < curneeded)
+				return (EINVAL);
 			curneeded += rec->dtrd_size;
 			ecb->dte_needed = MAX(ecb->dte_needed, curneeded);
 
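Review bot: The `P2ROUNDUP(curneeded, rec->dtrd_alignment)` just above the new check is itself unchecked, so a `curneeded` already within one alignment of the type's maximum could wrap during rounding and be stored in `rec->dtrd_offset` before the added test runs. The added test only covers the addition of `rec->dtrd_size`. One way to cover the rounding is to compare the rounded value with the pre-rounding value ahead of the assignment, e.g. `if (P2ROUNDUP(curneeded, rec->dtrd_alignment) < curneeded) return (EINVAL);`. The same applies to the rounding in the hunk at -10485 and to the `ecb->dte_size` rounding in the hunk at -10494. The comparison also relies on both operands being unsigned; their declarations are outside the hunk, so a one-line comment such as `/* unsigned wrap check: sizes and offsets are unsigned */` would be worth adding once confirmed.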
@@ -10485,6 +10487,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 			}
 			curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
 			rec->dtrd_offset = curneeded;
+			if (curneeded + rec->dtrd_size < curneeded)
+				return (EINVAL);
 			curneeded += rec->dtrd_size;
 		} else {
 			/* tuples must be followed by an aggregation */
@@ -10494,6 +10498,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 			ecb->dte_size = P2ROUNDUP(ecb->dte_size,
 			    rec->dtrd_alignment);
 			rec->dtrd_offset = ecb->dte_size;
+			if (ecb->dte_size + rec->dtrd_size < ecb->dte_size)
+				return (EINVAL);
 			ecb->dte_size += rec->dtrd_size;
 			ecb->dte_needed = MAX(ecb->dte_needed, ecb->dte_size);
 		}
@@ -10513,6 +10519,7 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 	ecb->dte_needed = P2ROUNDUP(ecb->dte_needed, (sizeof (dtrace_epid_t)));
 	ecb->dte_state->dts_needed = MAX(ecb->dte_state->dts_needed,
 	    ecb->dte_needed);
+	return (0);
 }
 
 static dtrace_action_t *
@@ -11180,7 +11187,10 @@ dtrace_ecb_create(dtrace_state_t *state,
 		}
 	}
 
-	dtrace_ecb_resize(ecb);
+	if ((enab->dten_error = dtrace_ecb_resize(ecb)) != 0) {
+		dtrace_ecb_destroy(ecb);
+		return (NULL);
+	}
 
 	return (dtrace_ecb_create_cache = ecb);
 }
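Review bot: The assignment inside the condition writes `enab->dten_error` on the success path too, so a successful resize stores 0 there and would discard any error an earlier step had recorded in the enabling. Whether that can happen depends on code outside this hunk. If it can, keep the result in a local and store it only on failure, e.g. `int err = dtrace_ecb_resize(ecb);` followed by `if (err != 0) { enab->dten_error = err; dtrace_ecb_destroy(ecb); return (NULL); }`. dtrace_ecb_create() begins above the hunk, so how its callers handle a NULL return is not visible here.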


