Mercurial > illumos > illumos-gate
changeset 14087:1eb9c4349b7c
3706 mdb segfault when random address is passed to "list" walker
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Garrett D'Amore <garrett.damore@gmail.com>
Reviewed by: Wendy Lin <wendlin1974@gmail.com>
Approved by: Gordon Ross <gwr@nexenta.com>
| author | Marcel Telka <marcel.telka@nexenta.com> |
|---|---|
| date | Sat, 27 Jul 2013 00:11:06 +0200 |
| parents | cc3db4d15c60 |
| children | 3ca4e9e72fe7 |
| files | usr/src/cmd/mdb/common/modules/genunix/list.c |
| diffstat | 1 files changed, 11 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/cmd/mdb/common/modules/genunix/list.c Fri Jul 26 21:06:29 2013 +0200 +++ b/usr/src/cmd/mdb/common/modules/genunix/list.c Sat Jul 27 00:11:06 2013 +0200 @@ -22,8 +22,9 @@ * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ - -#pragma ident "%Z%%M% %I% %E% SMI" +/* + * Copyright 2013 Nexenta Systems, Inc. All rights reserved. + */ #include <mdb/mdb_modapi.h> #include <sys/list.h> @@ -66,14 +67,20 @@ if (element_name == NULL) element_name = "list element"; - lwd = mdb_alloc(sizeof (list_walk_data_t), UM_SLEEP); if (mdb_vread(&list, sizeof (list_t), wsp->walk_addr) == -1) { mdb_warn("failed to read %s at %#lx", list_name, wsp->walk_addr); - mdb_free(lwd, sizeof (list_walk_data_t)); return (WALK_ERR); } + if (list.list_size < list.list_offset + sizeof (list_node_t)) { + mdb_warn("invalid or uninitialized %s at %#lx\n", list_name, + wsp->walk_addr); + return (WALK_ERR); + } + + lwd = mdb_alloc(sizeof (list_walk_data_t), UM_SLEEP); + lwd->lw_size = list.list_size; lwd->lw_offset = list.list_offset; lwd->lw_obj = mdb_alloc(list.list_size, UM_SLEEP);