author | Patrick Wildt <patrick@cvs.openbsd.org> | 2020-10-20 23:21:42 +0000 |
---|---|---|
committer | Patrick Wildt <patrick@cvs.openbsd.org> | 2020-10-20 23:21:42 +0000 |
commit | deb4f2e2006d1af20943a8063d60f77db67d0c1a (patch) | |
tree | c4a9d3b89c84c329051b8fdd604978f541d97b9a /sys/arch/arm64 | |
parent | 84c3a7d0b1aa069774353267b5b94194e95057d7 (diff) |
copyout(9), copyinstr(9) and copyoutstr(9) should bail out
properly if they are called with a length of 0.
Found by our regression tests
Debugged with deraadt@
ok kettenis@
Diffstat (limited to 'sys/arch/arm64')
-rw-r--r-- | sys/arch/arm64/arm64/copystr.S | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/sys/arch/arm64/arm64/copystr.S b/sys/arch/arm64/arm64/copystr.S index 73e96bd30c9..13935f722ca 100644 --- a/sys/arch/arm64/arm64/copystr.S +++ b/sys/arch/arm64/arm64/copystr.S @@ -1,4 +1,4 @@ -/* $OpenBSD: copystr.S,v 1.6 2020/01/11 16:41:30 deraadt Exp $ */ +/* $OpenBSD: copystr.S,v 1.7 2020/10/20 23:21:41 patrick Exp $ */ /* * Copyright (c) 2015 Dale Rahn <drahn@dalerahn.com> * Copyright (c) 2014 Patrick Wildt <patrick@blueri.se> @@ -42,6 +42,7 @@ ENTRY(copystr) str x7, [x6, #(PCB_ONFAULT)] // set handler mov x8, xzr + cbz x2, 2f 1: ldrb w4, [x0], 1 strb w4, [x1], #1 @@ -50,6 +51,7 @@ ENTRY(copystr) cbz w4, .Lcopystrsuccess cbnz x2, 1b +2: mov x0, #ENAMETOOLONG b .Lcopystrcleanup @@ -61,9 +63,9 @@ ENTRY(copystr) mov x0, xzr .Lcopystrcleanup: - cbz x3, 2f + cbz x3, 3f str x8, [x3] -2: +3: str x5, [x6, #(PCB_ONFAULT)] RETGUARD_CHECK(copystr, x15) ret @@ -85,6 +87,7 @@ ENTRY(copyinstr) str x7, [x6, #(PCB_ONFAULT)] // set handler mov x8, xzr + cbz x2, 2f 1: tst x0, #(1ULL << 63) b.ne .Lcopystrfault @@ -96,6 +99,7 @@ ENTRY(copyinstr) cbz w4, .Lcopystrsuccess cbnz x2, 1b +2: mov x0, #ENAMETOOLONG b .Lcopystrcleanup @@ -116,6 +120,7 @@ ENTRY(copyoutstr) str x7, [x6, #(PCB_ONFAULT)] // set handler mov x8, xzr + cbz x2, 2f 1: tst x1, #(1ULL << 63) b.ne .Lcopystrfault @@ -127,5 +132,6 @@ ENTRY(copyoutstr) cbz w4, .Lcopystrsuccess cbnz x2, 1b +2: mov x0, #ENAMETOOLONG b .Lcopystrcleanup |
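Review bot: The `cbz x2, 2f` added ahead of the copy loop in copystr has no comment, and both its purpose and its placement deserve one. The loop at `1:` loads and stores a byte before `cbnz x2, 1b` looks at the length, so without the guard a zero length still wrote into the destination; presumably the counter then wrapped in the lines between the hunks, leaving the copy bounded only by the first NUL or a fault. I would write `cbz x2, 2f // len == 0: copy nothing, return ENAMETOOLONG` and add a line noting that the guard must stay below `mov x8, xzr`, because .Lcopystrcleanup stores x8 through x3 when x3 is non-null. The same comment applies to the identical guards added in copyinstr and copyoutstr; all three function bodies continue outside the hunks.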
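Review bot: The ENAMETOOLONG tail is now reached through a numeric label `2:` that is defined three times (in copystr here, and again in copyinstr and copyoutstr), and the existing cleanup label had to be renumbered to `3:` so that `2f` stays unambiguous to a reader. The other exits in this file already use named local labels (.Lcopystrsuccess, .Lcopystrfault, .Lcopystrcleanup), so a named label such as `.Lcopystrtoolong:` in front of `mov x0, #ENAMETOOLONG` would match that convention, with the guard written as `cbz x2, .Lcopystrtoolong`. Since copyinstr and copyoutstr already branch into copystr's labels, they could probably share that single tail instead of repeating it, though the full functions are not visible from these hunks.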