LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-01-02 16:25:34 +03:00
Code Issues Packages Projects Releases Wiki Activity

Kernel: Fix integer overflow in KCOV_SETBUFSIZE ioctl

Browse Source
This commit is contained in:
Patrick Meyer 2021-07-26 21:44:49 +02:00 committed by Andreas Kling
parent 4857943a71
commit d5fdb97a81
Notes: sideshowbarker 2024-07-18 08:17:24 +09:00 
Author: https://github.com/HerrSpace
Commit: https://github.com/SerenityOS/serenity/commit/d5fdb97a812
Pull-request: https://github.com/SerenityOS/serenity/pull/9029
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Kernel/Devices/KCOVInstance.cpp
View File

@ -17,6 +17,9 @@ KCOVInstance::KCOVInstance(ProcessID pid)
KResult KCOVInstance::buffer_allocate(size_t buffer_size_in_entries) KResult KCOVInstance::buffer_allocate(size_t buffer_size_in_entries)
{ {
if (buffer_size_in_entries < 2 || buffer_size_in_entries > KCOV_MAX_ENTRIES)
return EINVAL;
// first entry contains index of last PC // first entry contains index of last PC
this->m_buffer_size_in_entries = buffer_size_in_entries - 1; this->m_buffer_size_in_entries = buffer_size_in_entries - 1;
this->m_buffer_size_in_bytes = page_round_up(buffer_size_in_entries * KCOV_ENTRY_SIZE); this->m_buffer_size_in_bytes = page_round_up(buffer_size_in_entries * KCOV_ENTRY_SIZE);

1
Kernel/Devices/KCOVInstance.h
View File

@ -14,6 +14,7 @@ namespace Kernel {
// Note: These need to be kept in sync with Userland/Libraries/LibC/sys/kcov.h // Note: These need to be kept in sync with Userland/Libraries/LibC/sys/kcov.h
typedef volatile u64 kcov_pc_t; typedef volatile u64 kcov_pc_t;
#define KCOV_ENTRY_SIZE sizeof(kcov_pc_t) #define KCOV_ENTRY_SIZE sizeof(kcov_pc_t)
#define KCOV_MAX_ENTRIES (10 * 1024 * 1024)
/* /*
* One KCOVInstance is allocated per process, when the process opens /dev/kcov * One KCOVInstance is allocated per process, when the process opens /dev/kcov