One of the compat32 functions was copying in a raw timespec, instead of

a 32-bit one. This can cause weird timeout issues, as the copying reads garbage from the user. Code by: Deepak Veliath <deepak dot veliath at isilon dot com> MFC after: 1 week
2010-12-15 19:30:44 +00:00 · 2010-12-15 19:30:44 +00:00 · 60b768f654
commit 60b768f654
parent dd13f4b76e
1 changed files with 1 additions and 2 deletions
--- a/sys/kern/kern_umtx.c
+++ b/sys/kern/kern_umtx.c
@ -3411,8 +3411,7 @@ __umtx_op_rw_rdlock_compat32(struct thread *td, struct _umtx_op_args *uap)
 	if (uap->uaddr2 == NULL) {
 		error = do_rw_rdlock(td, uap->obj, uap->val, 0);
 	} else {
-		error = copyin(uap->uaddr2, &timeout,
-		    sizeof(timeout));
+		error = copyin_timeout32(uap->uaddr2, &timeout);
 		if (error != 0)
 			return (error);
 		if (timeout.tv_nsec >= 1000000000 ||