summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Church <gentoo4@achurch.org>2009-09-24 10:51:12 -0700
committerKay Sievers <kay.sievers@vrfy.org>2009-09-24 10:53:10 -0700
commit4daa146bf71cea174271371a0eb3cf22719a550b (patch)
treecbc5cce64745d6eaaeca4d78c82257bb7275a366
parent49c3a01d444052169363030dfd996fc7fd6a4fad (diff)
fix wrong parameter size on ioctl FIONREAD
On Wed, Sep 23, 2009 at 23:11, Matthias Schwarzott <zzam@gentoo.org> wrote: > It is about ioctl failures on amd64: > http://bugs.gentoo.org/show_bug.cgi?id=286041 > > A bad parameter type to an ioctl() call causes udev-146 to generate "error > getting buffer for inotify" messages in syslog. The offending code is > roughly: > > ssize_t nbytes, pos; > // ... > ioctl(fd, FIONREAD, &nbytes); > > where ssize_t is 64 bits on amd64, but the kernel code for FIONREAD (at least > through gentoo-sources-2.6.31) uses type int: > > p = (void __user *) arg; > switch (cmd) { > case FIONREAD: > // ... > ret = put_user(send_len, (int __user *) p); > > so the upper 32 bits of "nbytes" are left uninitialized, and the subsequent > malloc(nbytes) fails unless those 32 bits happen to be zero (or the system has > a LOT of memory).
-rw-r--r--udev/udevd.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/udev/udevd.c b/udev/udevd.c
index 2eb914a3f3..62c643668c 100644
--- a/udev/udevd.c
+++ b/udev/udevd.c
@@ -662,7 +662,7 @@ static void handle_ctrl_msg(struct udev_ctrl *uctrl)
/* read inotify messages */
static int handle_inotify(struct udev *udev)
{
- ssize_t nbytes, pos;
+ int nbytes, pos;
char *buf;
struct inotify_event *ev;