Module Name: src
Committed By: riastradh
Date: Tue Oct 1 17:15:59 UTC 2024
Modified Files:
src/sys/compat/linux/common: linux_file.c
Log Message:
linux_sys_copy_file_range: Avoid UB arithmetic overflow.
No functional change intended in the non-UB case.
To generate a diff of this commit:
cvs rdiff -u -r1.130 -r1.131 src/sys/compat/linux/common/linux_file.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/linux/common/linux_file.c
diff -u src/sys/compat/linux/common/linux_file.c:1.130 src/sys/compat/linux/common/linux_file.c:1.131
--- src/sys/compat/linux/common/linux_file.c:1.130 Tue Oct 1 17:11:39 2024
+++ src/sys/compat/linux/common/linux_file.c Tue Oct 1 17:15:59 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: linux_file.c,v 1.130 2024/10/01 17:11:39 riastradh Exp $ */
+/* $NetBSD: linux_file.c,v 1.131 2024/10/01 17:15:59 riastradh Exp $ */
/*-
* Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_file.c,v 1.130 2024/10/01 17:11:39 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_file.c,v 1.131 2024/10/01 17:15:59 riastradh Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -1069,7 +1069,7 @@ linux_sys_copy_file_range(lwp_t *l,
syscallarg(size_t) len;
syscallarg(unsigned int) flags;
} */
-
+ const off_t OFF_MAX = __type_max(off_t);
int fd_in, fd_out;
file_t *fp_in, *fp_out;
struct vnode *invp, *outvp;
@@ -1156,12 +1156,12 @@ linux_sys_copy_file_range(lwp_t *l,
have_off_out = true;
}
- off_t new_size = off_out + len;
- if (new_size < 0) {
+ if (off_out < 0 || len > OFF_MAX - off_out) {
DPRINTF("%s: New size is greater than OFF_MAX\n", __func__);
error = EFBIG;
goto out;
}
+ const off_t new_size = off_out + len;
/* Identify overlapping ranges */
if ((invp == outvp) &&
