d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Take into account possible overflow when multiplying. The casuality is

Browse Source 
the malloc call later, panicing kernel due to the oversized allocation.

Reported by:	pho
Reviewed by:	jeff
This commit is contained in:
Konstantin Belousov 2008-05-26 10:01:13 +00:00
parent 454f3b9249
commit 887aedc64e
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=179313
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/kern/kern_cpuset.c
View File

@ -805,7 +805,7 @@ cpuset_getaffinity(struct thread *td, struct cpuset_getaffinity_args *uap)
size_t size;
if (uap->cpusetsize < sizeof(cpuset_t) ||
uap->cpusetsize * NBBY > CPU_MAXSIZE)
uap->cpusetsize > CPU_MAXSIZE / NBBY)
return (ERANGE);
size = uap->cpusetsize;
mask = malloc(size, M_TEMP, M_WAITOK | M_ZERO);
@ -892,7 +892,7 @@ cpuset_setaffinity(struct thread *td, struct cpuset_setaffinity_args *uap)
int error;
if (uap->cpusetsize < sizeof(cpuset_t) ||
uap->cpusetsize * NBBY > CPU_MAXSIZE)
uap->cpusetsize > CPU_MAXSIZE / NBBY)
return (ERANGE);
mask = malloc(uap->cpusetsize, M_TEMP, M_WAITOK | M_ZERO);
error = copyin(uap->mask, mask, uap->cpusetsize);