hrev53697 adds 1 changeset to branch 'master'
old head: 3e818f2075e1764c33fe620e8c51b7c47091afc4
new head: 2cf8f0ee6b4f9a27af5b79d77da12791d4bd1ff3
overview:
https://git.haiku-os.org/haiku/log/?qt=range&q=2cf8f0ee6b4f+%5E3e818f2075e1
----------------------------------------------------------------------------
2cf8f0ee6b4f: kernel: add assert in _user_read_dir
* This will help catch bugs such as in #15607.
Change-Id: I25b28932f9db4e2abe8499dd829c910bb565086b
Reviewed-on: https://review.haiku-os.org/c/haiku/+/2082
Reviewed-by: waddlesplash <waddlesplash@xxxxxxxxx>
[ X512 <danger_mail@xxxxxxx> ]
----------------------------------------------------------------------------
Revision: hrev53697
Commit: 2cf8f0ee6b4f9a27af5b79d77da12791d4bd1ff3
URL: https://git.haiku-os.org/haiku/commit/?id=2cf8f0ee6b4f
Author: X512 <danger_mail@xxxxxxx>
Date: Tue Jan 7 16:53:33 2020 UTC
Committer: waddlesplash <waddlesplash@xxxxxxxxx>
Commit-Date: Fri Jan 10 00:24:56 2020 UTC
Ticket: https://dev.haiku-os.org/ticket/15607
----------------------------------------------------------------------------
1 file changed, 4 insertions(+)
src/system/kernel/fs/fd.cpp | 4 ++++
----------------------------------------------------------------------------
diff --git a/src/system/kernel/fs/fd.cpp b/src/system/kernel/fs/fd.cpp
index e7e1dc68cc..91fe26c08b 100644
--- a/src/system/kernel/fs/fd.cpp
+++ b/src/system/kernel/fs/fd.cpp
@@ -984,6 +984,8 @@ _user_read_dir(int fd, struct dirent* userBuffer, size_t
bufferSize,
if (status != B_OK)
return status;
+ ASSERT(count <= maxCount);
+
// copy the buffer back -- determine the total buffer size first
size_t sizeToCopy = 0;
BytePointer<struct dirent> entry = buffer;
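Review bot: `ASSERT(count <= maxCount)` here and `ASSERT(sizeToCopy <= bufferSize)` in the next hunk only protect builds where kernel assertions are enabled. If ASSERT compiles to nothing in release builds (worth confirming against the kernel debug configuration), a file system that reports too many entries or oversized records still reaches `user_memcpy` with `sizeToCopy` larger than `bufferSize`. That copy would write past the length userland supplied and, assuming `buffer` is sized from `bufferSize`, read past the kernel-side buffer, so the failure mode is a kernel memory disclosure rather than just a wrong result. Consider keeping the asserts for diagnosis and adding a runtime guard before the copy, e.g. `if (count > maxCount || sizeToCopy > bufferSize) return B_BAD_DATA;`. The summing loop and the rest of `_user_read_dir` lie outside both hunks, so whether the loop can itself walk past the buffer before that point is not visible here.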
@@ -993,6 +995,8 @@ _user_read_dir(int fd, struct dirent* userBuffer, size_t
bufferSize,
entry += length;
}
+ ASSERT(sizeToCopy <= bufferSize);
+
if (user_memcpy(userBuffer, buffer, sizeToCopy) != B_OK)
return B_BAD_ADDRESS;