jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-12-02 04:13:39 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Add a check to prevent a computation from underflowing and causing

Browse Source 
a panic due to an attaempt to allocate a buffer for a terabyte or
so of data when an attempt is made to create sparse data (e.g.
a holey file) more than 1 block past the end of the file.

Note:  some other areas of this code need to be looked at,
since they might cause problems when the file size exceeds 2GB,
due to storing results in ints when the computations are being
done with quad sized variables.

Reviewed by:	bde
This commit is contained in:
Mike Pritchard 1996-01-24 18:52:18 +00:00
parent bf6024ee3a
commit 97f1b9871e
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=13612
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/nfs/nfs_bio.c
View File

@ -34,7 +34,7 @@
* SUCH DAMAGE.
*
* @(#)nfs_bio.c 8.5 (Berkeley) 1/4/94
* $Id: nfs_bio.c,v 1.20 1995/12/07 12:47:23 davidg Exp $
* $Id: nfs_bio.c,v 1.21 1995/12/17 21:12:13 phk Exp $
*/
#include <sys/param.h>
@ -211,7 +211,7 @@ nfs_bioread(vp, uio, ioflag, cred)
*/
if (nfs_numasync > 0 && nmp->nm_readahead > 0) {
for (nra = 0; nra < nmp->nm_readahead &&
(lbn + 1 + nra) * biosize < np->n_size; nra++) {
(off_t)(lbn + 1 + nra) * biosize < np->n_size; nra++) {
rabn = lbn + 1 + nra;
if (!incore(vp, rabn)) {
rabp = nfs_getcacheblk(vp, rabn, biosize, p);
@ -240,7 +240,8 @@ nfs_bioread(vp, uio, ioflag, cred)
*/
again:
bufsize = biosize;
if ((lbn + 1) * biosize > np->n_size) {
if ((off_t)(lbn + 1) * biosize > np->n_size &&
(off_t)(lbn + 1) * biosize - np->n_size < biosize) {
bufsize = np->n_size - lbn * biosize;
bufsize = (bufsize + DEV_BSIZE - 1) & ~(DEV_BSIZE - 1);
}

7
sys/nfsclient/nfs_bio.c
View File

@ -34,7 +34,7 @@
* SUCH DAMAGE.
*
* @(#)nfs_bio.c 8.5 (Berkeley) 1/4/94
* $Id: nfs_bio.c,v 1.20 1995/12/07 12:47:23 davidg Exp $
* $Id: nfs_bio.c,v 1.21 1995/12/17 21:12:13 phk Exp $
*/
#include <sys/param.h>
@ -211,7 +211,7 @@ nfs_bioread(vp, uio, ioflag, cred)
*/
if (nfs_numasync > 0 && nmp->nm_readahead > 0) {
for (nra = 0; nra < nmp->nm_readahead &&
(lbn + 1 + nra) * biosize < np->n_size; nra++) {
(off_t)(lbn + 1 + nra) * biosize < np->n_size; nra++) {
rabn = lbn + 1 + nra;
if (!incore(vp, rabn)) {
rabp = nfs_getcacheblk(vp, rabn, biosize, p);
@ -240,7 +240,8 @@ nfs_bioread(vp, uio, ioflag, cred)
*/
again:
bufsize = biosize;
if ((lbn + 1) * biosize > np->n_size) {
if ((off_t)(lbn + 1) * biosize > np->n_size &&
(off_t)(lbn + 1) * biosize - np->n_size < biosize) {
bufsize = np->n_size - lbn * biosize;
bufsize = (bufsize + DEV_BSIZE - 1) & ~(DEV_BSIZE - 1);
}