From owner-svn-src-all@freebsd.org Mon Jun 6 22:06:47 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0B793B638DF; Mon, 6 Jun 2016 22:06:47 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A8BA51EB5; Mon, 6 Jun 2016 22:06:46 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u56M6jWs040694; Mon, 6 Jun 2016 22:06:45 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u56M6jbC040693; Mon, 6 Jun 2016 22:06:45 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201606062206.u56M6jbC040693@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Mon, 6 Jun 2016 22:06:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r301524 - vendor-sys/illumos/dist/uts/common/dtrace X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2016 22:06:47 -0000 Author: markj Date: Mon Jun 6 22:06:45 2016 New Revision: 301524 URL: https://svnweb.freebsd.org/changeset/base/301524 Log: 7034 negative record sizes should be rejected Reviewed by: Patrick Mooney Reviewed by: Bryan Cantrill Approved by: Matthew Ahrens Author: Alex Wilson illumos/illumos-gate@0b8049bfb0e291160e960697b554596289d7f0bc Modified: vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c Modified: vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c Mon Jun 6 21:04:29 2016 (r301523) +++ vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c Mon Jun 6 22:06:45 2016 (r301524) @@ -10427,7 +10427,7 @@ dtrace_ecb_enable(dtrace_ecb_t *ecb) } } -static void +static int dtrace_ecb_resize(dtrace_ecb_t *ecb) { dtrace_action_t *act; @@ -10461,6 +10461,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb) curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment); rec->dtrd_offset = curneeded; + if (curneeded + rec->dtrd_size < curneeded) + return (EINVAL); curneeded += rec->dtrd_size; ecb->dte_needed = MAX(ecb->dte_needed, curneeded); @@ -10485,6 +10487,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb) } curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment); rec->dtrd_offset = curneeded; + if (curneeded + rec->dtrd_size < curneeded) + return (EINVAL); curneeded += rec->dtrd_size; } else { /* tuples must be followed by an aggregation */ @@ -10494,6 +10498,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb) ecb->dte_size = P2ROUNDUP(ecb->dte_size, rec->dtrd_alignment); rec->dtrd_offset = ecb->dte_size; + if (ecb->dte_size + rec->dtrd_size < ecb->dte_size) + return (EINVAL); ecb->dte_size += rec->dtrd_size; ecb->dte_needed = MAX(ecb->dte_needed, ecb->dte_size); } @@ -10513,6 +10519,7 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb) ecb->dte_needed = P2ROUNDUP(ecb->dte_needed, (sizeof (dtrace_epid_t))); ecb->dte_state->dts_needed = MAX(ecb->dte_state->dts_needed, ecb->dte_needed); + return (0); } static dtrace_action_t * @@ -11180,7 +11187,10 @@ dtrace_ecb_create(dtrace_state_t *state, } } - dtrace_ecb_resize(ecb); + if ((enab->dten_error = dtrace_ecb_resize(ecb)) != 0) { + dtrace_ecb_destroy(ecb); + return (NULL); + } return (dtrace_ecb_create_cache = ecb); }