Set pca.p_bufr to NULL when we haven't allocated a buffer.

Otherwise, p_bufr is set to garbage on the stack, and if that garbage
happens to be non-NULL, and the TOLOG or TOCONS flag is set, putbuf()
will get called and attempt to fill the non-existent buffer.

This is really only relevant for tprintf() (and only when the priority is
not -1), but set it in uprintf() and ttyprintf() for completeness.

The next step, to avoid log buffer scrambling, would be to add the
PRINTF_BUFR_SIZE code to tprintf(), but this should prevent panics.

Submitted by:	rmacklem
Found by:	pho
Kenneth D. Merry 2011-06-07 05:04:37 +00:00
parent 1d90532abe
commit 5e319c480c

@ -163,6 +163,7 @@ uprintf(const char *fmt, ...)
goto out;
}
pca.flags = TOTTY;
pca.p_bufr = NULL;
va_start(ap, fmt);
tty_lock(pca.tty);
retval = kvprintf(fmt, putchar, &pca, 10, ap);
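
Review bot: in uprintf(), `pca.p_bufr = NULL;` clears one member by hand, which leaves the same class of bug open for any member of pca that this function does not assign. Zeroing the whole structure once before the assignments, for example with `bzero(&pca, sizeof(pca));`, would cover p_bufr and any member added to the structure later, and the same change would apply to tprintf() and ttyprintf().
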
@ -206,6 +207,7 @@ tprintf(struct proc *p, int pri, const char *fmt, ...)
pca.pri = pri;
pca.tty = tp;
pca.flags = flags;
pca.p_bufr = NULL;
va_start(ap, fmt);
if (pca.tty != NULL)
tty_lock(pca.tty);
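
Review bot: the `pca.p_bufr = NULL;` line in tprintf() needs a comment, because this is the one caller where `pca.flags = flags;` can carry TOLOG or TOCONS and the NULL is what keeps putbuf() from being handed a buffer that was never allocated. A short note such as "no PRINTF_BUFR_SIZE buffer here yet; NULL disables buffering" would record both the reason and the follow-up work the commit message mentions, so the line is not removed as redundant later.
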
@ -234,6 +236,7 @@ ttyprintf(struct tty *tp, const char *fmt, ...)
va_start(ap, fmt);
pca.tty = tp;
pca.flags = TOTTY;
pca.p_bufr = NULL;
retval = kvprintf(fmt, putchar, &pca, 10, ap);
va_end(ap);
return (retval);
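
Review bot: in ttyprintf() the new `pca.p_bufr = NULL;` sits after `va_start(ap, fmt);`, while the uprintf() and tprintf() hunks place it before va_start. Moving the three pca assignments above va_start here would keep the setup order identical across the three functions and make a missing initialization easier to spot when they are compared side by side.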