summaryrefslogtreecommitdiff
path: root/sys/ufs/lfs/lfs_syscalls.c
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2002-08-02 18:06:26 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2002-08-02 18:06:26 +0000
commit3e4903bd6ac871af81bec9d479ba811f3165d939 (patch)
treecaa2f4fec767fcd36d74c4118e31ee76f54e1ead /sys/ufs/lfs/lfs_syscalls.c
parent977fa39ace69d23d01d5a62c1c3fda0b55729478 (diff)
More possible int overflows found by Silvio Cesare.
ibcs2_stat.c one OK by provos@
Diffstat (limited to 'sys/ufs/lfs/lfs_syscalls.c')
-rw-r--r--sys/ufs/lfs/lfs_syscalls.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/ufs/lfs/lfs_syscalls.c b/sys/ufs/lfs/lfs_syscalls.c
index 45363d78ce8..86924bb660b 100644
--- a/sys/ufs/lfs/lfs_syscalls.c
+++ b/sys/ufs/lfs/lfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lfs_syscalls.c,v 1.6 2002/03/14 01:27:15 millert Exp $ */
+/* $OpenBSD: lfs_syscalls.c,v 1.7 2002/08/02 18:06:24 millert Exp $ */
/* $NetBSD: lfs_syscalls.c,v 1.10 1996/02/09 22:28:56 christos Exp $ */
/*-
@@ -123,6 +123,8 @@ lfs_markv(p, v, retval)
return (EINVAL);
cnt = SCARG(uap, blkcnt);
+ if (cnt > SIZE_T_MAX / sizeof(BLOCK_INFO))
+ return (EINVAL);
start = malloc(cnt * sizeof(BLOCK_INFO), M_SEGMENT, M_WAITOK);
error = copyin(SCARG(uap, blkiov), start, cnt * sizeof(BLOCK_INFO));
if (error)
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-02 18:36:03 +0000