Fix a range check bug. Don't left-shift the integer argument 'data'.

Sign extension happens after the shift, not before so that boundary
cases like 0x40000000 will not be caught properly.
Instead, right shift ndirty. It is guaranteed to be a multiple of 8.
While here, do some manual code motion and code commoning.

Range check bug pointed out by: iedowse
This commit is contained in:
Marcel Moolenaar 2003-08-16 01:49:38 +00:00
parent 3ba682b624
commit c6d402d3f2

View File

@ -40,26 +40,21 @@ cpu_ptrace(struct thread *td, int req, void *addr, int data)
uint64_t *kstack;
int error;
error = 0;
error = EINVAL;
tf = td->td_frame;
switch (req) {
case PT_GETKSTACK:
tf = td->td_frame;
if (data >= 0 && (data << 3) < tf->tf_special.ndirty) {
if (data >= 0 && data < (tf->tf_special.ndirty >> 3)) {
kstack = (uint64_t*)td->td_kstack;
error = copyout(kstack + data, addr, 8);
} else
error = EINVAL;
}
break;
case PT_SETKSTACK:
tf = td->td_frame;
if (data >= 0 && (data << 3) < tf->tf_special.ndirty) {
if (data >= 0 && data < (tf->tf_special.ndirty >> 3)) {
kstack = (uint64_t*)td->td_kstack;
error = copyin(addr, kstack + data, 8);
} else
error = EINVAL;
break;
default:
error = EINVAL;
}
break;
}