authorTheo de Raadt <deraadt@cvs.openbsd.org>2009-11-13 21:10:35 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2009-11-13 21:10:35 +0000
commit6490d05430258cd0ac04bcbc21dcfea4c47ea3bc (patch)
tree17deb38175a46f9186899b33c30bf52a524e3b1c /sys
parenta49dcb067ccc0d0288291f437054538b34b31dcf (diff)
>15 year old buffer-read-1-byte-too-far in clrbits() [code I wrote, yeah]
with a subtle change to make it more clear (and more cache friendly) netbsd pr 42312, found by tlambert@apple.com ok miod
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/tty_subr.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/sys/kern/tty_subr.c b/sys/kern/tty_subr.c
index e14e5bef642..3518cbc1b37 100644
--- a/sys/kern/tty_subr.c
+++ b/sys/kern/tty_subr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tty_subr.c,v 1.21 2009/07/19 08:16:06 blambert Exp $ */
+/* $OpenBSD: tty_subr.c,v 1.22 2009/11/13 21:10:34 deraadt Exp $ */
/* $NetBSD: tty_subr.c,v 1.13 1996/02/09 19:00:43 christos Exp $ */
/*
@@ -304,11 +304,13 @@ clrbits(u_char *cp, int off, int len)
mask = (1<<sbi) - 1;
cp[sby++] &= mask;
- mask = (1<<ebi) - 1;
- cp[eby] &= ~mask;
-
for (i = sby; i < eby; i++)
cp[i] = 0x00;
+
+ mask = (1<<ebi) - 1;
+ if (mask) /* if no mask, eby may be 1 too far */
+ cp[eby] &= ~mask;
+
}
}
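Review bot: The new guard `if (mask)` tests a derived value, when the condition that matters is `ebi == 0`: the range ends exactly on a byte boundary, so `cp[eby]` is the byte after the last one to clear and may lie one past the buffer. Writing it as `if (ebi != 0)` followed by `cp[eby] &= ~((1 << ebi) - 1);` states that directly and drops the extra assignment to `mask`. The comment would be easier to audit if it named the case, for example `/* ebi == 0: range ends on a byte boundary; cp[eby] is outside it */`, and the blank line added before the closing brace of the else branch can go. clrbits() begins outside this hunk, so whether `off` and `len` are checked against the buffer size before this code runs is not visible here and is worth confirming together with this fix.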