Date: Tue, 16 Aug 2016 02:18:34 +0000 (UTC) From: Mark Johnston <markj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r304197 - head/sys/cddl/contrib/opensolaris/uts/common/dtrace Message-ID: <201608160218.u7G2IYDj051357@repo.freebsd.org>
Author: markj Date: Tue Aug 16 02:18:34 2016 New Revision: 304197 URL: https://svnweb.freebsd.org/changeset/base/304197 Log: MFV r301524: 7034 negative record sizes should be rejected Reviewed by: Patrick Mooney <patrick.mooney@joyent.com> Reviewed by: Bryan Cantrill <bryan@joyent.com> Approved by: Matthew Ahrens <mahrens@delphix.com> Author: Alex Wilson <alex.wilson@joyent.com> illumos/illumos-gate@0b8049bfb0e291160e960697b554596289d7f0bc MFC after: 2 weeks Modified: head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c Directory Properties: head/sys/cddl/contrib/opensolaris/ (props changed) Modified: head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c ==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c Tue Aug 16 02:16:54 2016 (r304196)
+++ head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c Tue Aug 16 02:18:34 2016 (r304197)
@@ -11017,7 +11017,7 @@ dtrace_ecb_enable(dtrace_ecb_t *ecb)
 }
 }
-static void
+static int
 dtrace_ecb_resize(dtrace_ecb_t *ecb)
 {
 dtrace_action_t *act;
@@ -11051,6 +11051,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
 rec->dtrd_offset = curneeded;
+ if (curneeded + rec->dtrd_size < curneeded)
+ return (EINVAL);
 curneeded += rec->dtrd_size;
 ecb->dte_needed = MAX(ecb->dte_needed, curneeded);
@@ -11075,6 +11077,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 }
 curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
 rec->dtrd_offset = curneeded;
+ if (curneeded + rec->dtrd_size < curneeded)
+ return (EINVAL);
 curneeded += rec->dtrd_size;
 } else {
 /* tuples must be followed by an aggregation */
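Review bot: The new return contract of dtrace_ecb_resize() is not documented anywhere in the hunk at -11017; a comment above `static int` would record it, for example `/* Returns 0, or EINVAL if a record's offset plus size wraps; on EINVAL the ECB layout is left partially updated and the ECB must be discarded. */`. The partial-update caveat is worth stating because the later hunks assign `rec->dtrd_offset` and update `ecb->dte_needed` for earlier records before the failing `return (EINVAL)` is reached. The function body continues outside this hunk.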
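Review bot: The `P2ROUNDUP(curneeded, rec->dtrd_alignment)` two lines above the added test in the hunk at -11051 is itself unchecked, so a `curneeded` within one alignment unit of the type's maximum can round up past it and wrap before `rec->dtrd_offset` is assigned; the new comparison then runs on the already-wrapped value and passes. The same round-up precedes the added checks in the hunks at -11075 and -11084 (there on `ecb->dte_size`), and the final round-up of `ecb->dte_needed` in the hunk at -11103 has no check at all. Assuming these counters are unsigned 32-bit values, as the wrap-style test implies (their declarations are outside the diff), a guard such as `if (P2ROUNDUP(curneeded, rec->dtrd_alignment) < curneeded) return (EINVAL);` ahead of the assignment would close the gap. Note also that the added test only rejects sums that wrap, so a very large `dtrd_size` that happens not to wrap still passes here and relies on a bound enforced elsewhere.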
@@ -11084,6 +11088,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 ecb->dte_size = P2ROUNDUP(ecb->dte_size, rec->dtrd_alignment);
 rec->dtrd_offset = ecb->dte_size;
+ if (ecb->dte_size + rec->dtrd_size < ecb->dte_size)
+ return (EINVAL);
 ecb->dte_size += rec->dtrd_size;
 ecb->dte_needed = MAX(ecb->dte_needed, ecb->dte_size);
 }
@@ -11103,6 +11109,7 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb)
 ecb->dte_needed = P2ROUNDUP(ecb->dte_needed, (sizeof (dtrace_epid_t)));
 ecb->dte_state->dts_needed = MAX(ecb->dte_state->dts_needed, ecb->dte_needed);
+ return (0);
 }
 static dtrace_action_t *
@@ -11788,7 +11795,10 @@ dtrace_ecb_create(dtrace_state_t *state,
 }
 }
- dtrace_ecb_resize(ecb);
+ if ((enab->dten_error = dtrace_ecb_resize(ecb)) != 0) {
+ dtrace_ecb_destroy(ecb);
+ return (NULL);
+ }
 return (dtrace_ecb_create_cache = ecb);
 }
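Review bot: `dtrace_ecb_destroy(ecb)` in the hunk at -11788 is handed an ECB whose resize stopped midway, with `rec->dtrd_offset` already written and `dte_size`/`dte_needed` advanced for the records processed before the failure. dtrace_ecb_destroy() is not part of this diff, so it is worth confirming that it does not depend on those fields being consistent, and stating that in a comment such as `/* resize failed part-way; the ECB layout is unusable, so tear it down */`. This is also the only call site the diff updates; because the previous return type was void, any other caller of dtrace_ecb_resize() would compile unchanged and silently drop the new EINVAL, so a quick check that none exists would be reassuring. dtrace_ecb_create() begins outside the hunk.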