diff options
author | Andrew Church <gentoo4@achurch.org> | 2009-09-24 10:51:12 -0700 |
---|---|---|
committer | Kay Sievers <kay.sievers@vrfy.org> | 2009-09-24 10:53:10 -0700 |
commit | 4daa146bf71cea174271371a0eb3cf22719a550b (patch) | |
tree | cbc5cce64745d6eaaeca4d78c82257bb7275a366 | |
parent | 49c3a01d444052169363030dfd996fc7fd6a4fad (diff) |
fix wrong parameter size on ioctl FIONREAD
On Wed, Sep 23, 2009 at 23:11, Matthias Schwarzott <zzam@gentoo.org> wrote:
> It is about ioctl failures on amd64:
> http://bugs.gentoo.org/show_bug.cgi?id=286041
>
> A bad parameter type to an ioctl() call causes udev-146 to generate "error
> getting buffer for inotify" messages in syslog. The offending code is
> roughly:
>
> ssize_t nbytes, pos;
> // ...
> ioctl(fd, FIONREAD, &nbytes);
>
> where ssize_t is 64 bits on amd64, but the kernel code for FIONREAD (at least
> through gentoo-sources-2.6.31) uses type int:
>
> p = (void __user *) arg;
> switch (cmd) {
> case FIONREAD:
> // ...
> ret = put_user(send_len, (int __user *) p);
>
> so the upper 32 bits of "nbytes" are left uninitialized, and the subsequent
> malloc(nbytes) fails unless those 32 bits happen to be zero (or the system has
> a LOT of memory).
-rw-r--r-- | udev/udevd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/udev/udevd.c b/udev/udevd.c index 2eb914a3f3..62c643668c 100644 --- a/udev/udevd.c +++ b/udev/udevd.c @@ -662,7 +662,7 @@ static void handle_ctrl_msg(struct udev_ctrl *uctrl) /* read inotify messages */ static int handle_inotify(struct udev *udev) { - ssize_t nbytes, pos; + int nbytes, pos; char *buf; struct inotify_event *ev; |