From c6d402d3f23a3d84a52e4164480d4b4041fda01d Mon Sep 17 00:00:00 2001
From: Marcel Moolenaar
Date: Sat, 16 Aug 2003 01:49:38 +0000
Subject: [PATCH] Fix a range check bug. Don't left-shift the integer argument 'data'. Sign extension happens after the shift, not before so that boundary cases like 0x40000000 will not be caught properly. Instead, right shift ndirty. It is guaranteed to be a multiple of 8. While here, do some manual code motion and code commoning. Range check bug pointed out by: iedowse
---
 sys/ia64/ia64/ptrace_machdep.c | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/sys/ia64/ia64/ptrace_machdep.c b/sys/ia64/ia64/ptrace_machdep.c
index 90c17c671910..0f269e26cba3 100644
--- a/sys/ia64/ia64/ptrace_machdep.c
+++ b/sys/ia64/ia64/ptrace_machdep.c
@@ -40,26 +40,21 @@ cpu_ptrace(struct thread *td, int req, void *addr, int data)
 uint64_t *kstack;
 int error;
- error = 0;
+ error = EINVAL;
+ tf = td->td_frame;
+
 switch (req) {
 case PT_GETKSTACK:
- tf = td->td_frame;
- if (data >= 0 && (data << 3) < tf->tf_special.ndirty) {
+ if (data >= 0 && data < (tf->tf_special.ndirty >> 3)) {
 kstack = (uint64_t*)td->td_kstack;
 error = copyout(kstack + data, addr, 8);
- } else
- error = EINVAL;
+ }
 break;
 case PT_SETKSTACK:
- tf = td->td_frame;
- if (data >= 0 && (data << 3) < tf->tf_special.ndirty) {
+ if (data >= 0 && data < (tf->tf_special.ndirty >> 3)) {
 kstack = (uint64_t*)td->td_kstack;
 error = copyin(addr, kstack + data, 8);
- } else
- error = EINVAL;
+ }
 break;
 }
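Review bot: The new bound `data < (tf->tf_special.ndirty >> 3)` in both PT_GETKSTACK and PT_SETKSTACK is the only check keeping `kstack + data` inside the region starting at td_kstack, yet what it relies on (ndirty is a byte count and a multiple of 8) is stated only in the commit message. I would put that in a comment above the switch and assert it, e.g. `KASSERT((tf->tf_special.ndirty & 7) == 0, ("ndirty not a multiple of 8"));`, so a later change to how ndirty is maintained cannot silently loosen a bound that guards a user-driven kernel-stack read and write. Writing the copy length as `sizeof(*kstack)` instead of the literal `8` would also tie the transfer size to the index scaling. Whether ndirty is separately capped against the kernel stack size is not visible in this hunk, and cpu_ptrace's declarations and return lie outside it.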