diff options
| author | Alex Wilson <alex.wilson@joyent.com> | 2016-04-15 14:10:39 -0700 |
|---|---|---|
| committer | Robert Mustacchi <rm@joyent.com> | 2016-06-02 15:51:47 -0700 |
| commit | 0b8049bfb0e291160e960697b554596289d7f0bc (patch) | |
| tree | 1fbdc0f50b051adc3416abb0d9a00b8eb386873a /usr/src | |
| parent | 771e39c3b1d6e2e0ba230442d782d83c60098296 (diff) | |
| download | illumos-joyent-0b8049bfb0e291160e960697b554596289d7f0bc.tar.gz | |
7034 negative record sizes should be rejected
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
Reviewed by: Bryan Cantrill <bryan@joyent.com>
Approved by: Matthew Ahrens <mahrens@delphix.com>
Diffstat (limited to 'usr/src')
| -rw-r--r-- | usr/src/uts/common/dtrace/dtrace.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/usr/src/uts/common/dtrace/dtrace.c b/usr/src/uts/common/dtrace/dtrace.c index 65bcfbae8b..c64c60dd96 100644 --- a/usr/src/uts/common/dtrace/dtrace.c +++ b/usr/src/uts/common/dtrace/dtrace.c @@ -10565,7 +10565,7 @@ dtrace_ecb_enable(dtrace_ecb_t *ecb) } } -static void +static int dtrace_ecb_resize(dtrace_ecb_t *ecb) { dtrace_action_t *act; @@ -10599,6 +10599,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb) curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment); rec->dtrd_offset = curneeded; + if (curneeded + rec->dtrd_size < curneeded) + return (EINVAL); curneeded += rec->dtrd_size; ecb->dte_needed = MAX(ecb->dte_needed, curneeded); @@ -10623,6 +10625,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb) } curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment); rec->dtrd_offset = curneeded; + if (curneeded + rec->dtrd_size < curneeded) + return (EINVAL); curneeded += rec->dtrd_size; } else { /* tuples must be followed by an aggregation */ @@ -10632,6 +10636,8 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb) ecb->dte_size = P2ROUNDUP(ecb->dte_size, rec->dtrd_alignment); rec->dtrd_offset = ecb->dte_size; + if (ecb->dte_size + rec->dtrd_size < ecb->dte_size) + return (EINVAL); ecb->dte_size += rec->dtrd_size; ecb->dte_needed = MAX(ecb->dte_needed, ecb->dte_size); } @@ -10651,6 +10657,7 @@ dtrace_ecb_resize(dtrace_ecb_t *ecb) ecb->dte_needed = P2ROUNDUP(ecb->dte_needed, (sizeof (dtrace_epid_t))); ecb->dte_state->dts_needed = MAX(ecb->dte_state->dts_needed, ecb->dte_needed); + return (0); } static dtrace_action_t * @@ -11318,7 +11325,10 @@ dtrace_ecb_create(dtrace_state_t *state, dtrace_probe_t *probe, } } - dtrace_ecb_resize(ecb); + if ((enab->dten_error = dtrace_ecb_resize(ecb)) != 0) { + dtrace_ecb_destroy(ecb); + return (NULL); + } return (dtrace_ecb_create_cache = ecb); } |