Kostik Belousov <kostik...@gmail.com> writes:
> This is easy to fix, isn't it? But there seem to be many more nits.
>
> First, allocating a 512 * sizeof(char *)-byte object on the stack is not
> good.
>
> Second, the initialization of iov_len for reading the array
> of string pointers misses '* sizeof(char *)'.
>
> And third (probably fatal) is the lack of checks that the end of the
> array and each string fit into the user portion of the map. I do not
> see why addr, which already has u_long type, is cast to u_long. Also,
> the VM_MIN_ADDRESS and VM_MAXUSER_ADDRESS constants are for the native host
> FreeBSD ABI; they may differ from the target process limits.
Blah, I clearly didn't look closely enough at the final version. The original patch used malloc() but introduced a potential race condition due to having to drop the process lock. I wrote a version that used _PHOLD() / _PRELE() to hold the process across the unlock / malloc / lock window, but the originator had trouble with it (albeit only in qemu, not on real hardware), and I wasn't 100% sure my reasoning was sound, so I accepted his suggested solution.

I'll look into this tomorrow.

DES
--
Dag-Erling Smørgrav - d...@des.no
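The three checks Kostik raises (iov_len sized as n * sizeof(char *), the end of the pointer array inside the user map, and each string inside the map) as an added user-space C illustration that is not from the patch or from the FreeBSD tree. The map limits are constructed values standing in for the target process's own limits, and all function names are made up for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for the target process's user address range; per
 * the review these must come from the target's ABI, not from the native
 * VM_MIN_ADDRESS / VM_MAXUSER_ADDRESS. */
#define TARGET_USER_MIN 0x1000UL
#define TARGET_USER_MAX 0x10000UL

/* Nonzero if [addr, addr + len) lies entirely in [umin, umax).
 * Compared as len <= umax - addr so that addr + len can never wrap. */
static int
user_range_ok(unsigned long addr, size_t len, unsigned long umin, unsigned long umax)
{
    if (addr < umin || addr >= umax)
        return 0;
    return len <= umax - addr;
}

/* Byte length of an array of n target pointers: what iov_len needs
 * (n * sizeof(char *), not n). Returns 0 for n == 0 or on overflow. */
static size_t
ptr_array_bytes(size_t n)
{
    if (n == 0 || n > SIZE_MAX / sizeof(char *))
        return 0;
    return n * sizeof(char *);
}

/* iov_len for fetching the n-entry pointer array at addr, or 0 if the
 * array does not fit in the target's user map. */
static size_t
argv_array_read_len(unsigned long addr, size_t n, unsigned long umin, unsigned long umax)
{
    size_t len = ptr_array_bytes(n);
    if (len == 0 || !user_range_ok(addr, len, umin, umax))
        return 0;
    return len;
}

/* Most bytes that may be read for a string at addr without leaving the
 * user map, capped at cap; a NUL must then appear within that many. */
static size_t
string_read_limit(unsigned long addr, size_t cap, unsigned long umin, unsigned long umax)
{
    if (addr < umin || addr >= umax)
        return 0;
    return cap < umax - addr ? cap : (size_t)(umax - addr);
}
```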