Fix a range check bug. Don't left-shift the integer argument 'data'.
Sign extension happens after the shift, not before so that boundary cases like 0x40000000 will not be caught properly. Instead, right shift ndirty. It is guaranteed to be a multiple of 8. While here, do some manual code motion and code commoning. Range check bug pointed out by: iedowse
This commit is contained in:
parent
3ba682b624
commit
c6d402d3f2
@ -40,26 +40,21 @@ cpu_ptrace(struct thread *td, int req, void *addr, int data)
|
||||
uint64_t *kstack;
|
||||
int error;
|
||||
|
||||
error = 0;
|
||||
error = EINVAL;
|
||||
tf = td->td_frame;
|
||||
|
||||
switch (req) {
|
||||
case PT_GETKSTACK:
|
||||
tf = td->td_frame;
|
||||
if (data >= 0 && (data << 3) < tf->tf_special.ndirty) {
|
||||
if (data >= 0 && data < (tf->tf_special.ndirty >> 3)) {
|
||||
kstack = (uint64_t*)td->td_kstack;
|
||||
error = copyout(kstack + data, addr, 8);
|
||||
} else
|
||||
error = EINVAL;
|
||||
}
|
||||
break;
|
||||
case PT_SETKSTACK:
|
||||
tf = td->td_frame;
|
||||
if (data >= 0 && (data << 3) < tf->tf_special.ndirty) {
|
||||
if (data >= 0 && data < (tf->tf_special.ndirty >> 3)) {
|
||||
kstack = (uint64_t*)td->td_kstack;
|
||||
error = copyin(addr, kstack + data, 8);
|
||||
} else
|
||||
error = EINVAL;
|
||||
break;
|
||||
default:
|
||||
error = EINVAL;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user