Fix NULL pointer dereference and panic with shm file pread/pwrite.

PR: 217429 Reported by: Tim Newsham <tim.newsham@nccgroup.trust> Reviewed by: kib Approved by: dchagin MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D9844
2017-03-10 10:09:44 +00:00 · 2017-03-10 10:09:44 +00:00 · 32a1fb0d3d
commit 32a1fb0d3d
parent fde6665233
1 changed files with 4 additions and 2 deletions
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@ -334,7 +334,8 @@ kern_preadv(td, fd, auio, offset)
 		return (error);
 	if (!(fp->f_ops->fo_flags & DFLAG_SEEKABLE))
 		error = ESPIPE;
-	else if (offset < 0 && fp->f_vnode->v_type != VCHR)
+	else if (offset < 0 &&
+	    (fp->f_vnode == NULL || fp->f_vnode->v_type != VCHR))
 		error = EINVAL;
 	else
 		error = dofileread(td, fd, fp, auio, offset, FOF_OFFSET);
@ -548,7 +549,8 @@ kern_pwritev(td, fd, auio, offset)
 		return (error);
 	if (!(fp->f_ops->fo_flags & DFLAG_SEEKABLE))
 		error = ESPIPE;
-	else if (offset < 0 && fp->f_vnode->v_type != VCHR)
+	else if (offset < 0 &&
+	    (fp->f_vnode == NULL || fp->f_vnode->v_type != VCHR))
 		error = EINVAL;
 	else
 		error = dofilewrite(td, fd, fp, auio, offset, FOF_OFFSET);