author | Robert Mustacchi <rm@joyent.com> | 2016-02-27 04:00:42 +0000 |
---|---|---|
committer | Robert Mustacchi <rm@joyent.com> | 2016-03-28 07:30:32 -0700 |
commit | 258e8624229ac7ff3af9890752a92cd251b83825 (patch) | |
tree | fc0e0f1da869ab8aa9cc0df114135bd07b9e7866 | |
parent | a4888653b44963eab5e74d73b1ac425648d2e62b (diff) | |
download | illumos-joyent-258e8624229ac7ff3af9890752a92cd251b83825.tar.gz |
5895 mdb_alloc() succeeds for 4294967295 bytes in 32-bit process
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
Reviewed by: Dave Pacheco <dap@joyent.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Jason King <jason.brian.king@gmail.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
-rw-r--r-- | usr/src/cmd/mdb/common/mdb/mdb_umem.c | 7 | ||||
-rw-r--r-- | usr/src/cmd/mdb/common/mdb/mdb_umem.h | 17 |
2 files changed, 19 insertions, 5 deletions
diff --git a/usr/src/cmd/mdb/common/mdb/mdb_umem.c b/usr/src/cmd/mdb/common/mdb/mdb_umem.c index d293e2d898..3b387d570c 100644 --- a/usr/src/cmd/mdb/common/mdb/mdb_umem.c +++ b/usr/src/cmd/mdb/common/mdb/mdb_umem.c @@ -24,8 +24,6 @@ * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - /* * These routines simply provide wrappers around malloc(3C) and free(3C) * for now. In the future we hope to provide a userland equivalent to @@ -169,11 +167,14 @@ void * mdb_alloc_align(size_t nbytes, size_t align, uint_t flags) { void *ptr; + size_t obytes = nbytes; - if (nbytes == 0) + if (nbytes == 0 || nbytes > MDB_ALLOC_MAX) return (NULL); nbytes = (nbytes + sizeof (uint32_t) - 1) & ~(sizeof (uint32_t) - 1); + if (nbytes < obytes || nbytes == 0) + return (NULL); if (align != 0) ptr = memalign(align, nbytes); diff --git a/usr/src/cmd/mdb/common/mdb/mdb_umem.h b/usr/src/cmd/mdb/common/mdb/mdb_umem.h index c06e143fab..bc3e0b40a6 100644 --- a/usr/src/cmd/mdb/common/mdb/mdb_umem.h +++ b/usr/src/cmd/mdb/common/mdb/mdb_umem.h @@ -27,9 +27,8 @@ #ifndef _MDB_UMEM_H #define _MDB_UMEM_H -#pragma ident "%Z%%M% %I% %E% SMI" - #include <sys/types.h> +#include <limits.h> #ifdef __cplusplus extern "C" { @@ -48,6 +47,20 @@ extern void mdb_free_align(void *, size_t); extern void mdb_recycle(mdb_mblk_t **); +/* + * These values represent an attempt to help constrain dmods that have bugs and + * have accidentally underflowed their size arguments. They represent + * allocations that are impossible. + */ +#if defined(_ILP32) +#define MDB_ALLOC_MAX INT32_MAX +#elif defined(_LP64) +#define MDB_ALLOC_MAX INT64_MAX +#else +#error "Unknown data model" +#endif + + #endif /* _MDB */ #ifdef __cplusplus |
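Review bot: In the `@@ -169,11 +167,14 @@` hunk of mdb_umem.c, both new rejection paths return NULL without consulting `flags`, so a caller that asked for an allocation that may not fail (UM_SLEEP, if it has its usual meaning here) and does not check the result now receives NULL for an oversized request. The rest of mdb_alloc_align lies outside the hunk, so it is not visible whether these cases could instead go through the function's normal allocation-failure handling; if the early return is intended, a comment such as `/* Impossible sizes fail with NULL regardless of flags; callers must check. */` would record that. Separately, once `nbytes <= MDB_ALLOC_MAX` holds, adding `sizeof (uint32_t) - 1` cannot wrap a `size_t`, so `if (nbytes < obytes || nbytes == 0)` appears unreachable. If it is kept as defence in depth, say so next to it, for example `/* cannot trigger while the cap is below SIZE_MAX - 3; guards a future change to MDB_ALLOC_MAX */`.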
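Review bot: In the `@@ -48,6 +47,20 @@` hunk of mdb_umem.h, `MDB_ALLOC_MAX` is built from `INT32_MAX`/`INT64_MAX`, which ISO C defines in `<stdint.h>`, while the earlier hunk in this header adds only `#include <limits.h>`. This presumably resolves through a transitive include on the target platform, but including the defining header directly would make the dependency explicit. The block comment could also state the rule itself, e.g. `Any request larger than half the size_t range is treated as an underflowed size and refused.`, since the macro is compared against an unsigned `size_t` in mdb_alloc_align. The hunk also leaves two consecutive blank lines before `#endif /* _MDB */`.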