Sat Apr 4 19:24:51 2020 UTC ()
Avoid copying zero-sized objects (from the NULL address)

Detected with UBSan


(kamil)
diff -r1.154 -r1.155 src/sys/rump/librump/rumpvfs/rumpfs.c

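--- a/src/sys/rump/librump/rumpvfs/rumpfs.c
+++ b/src/sys/rump/librump/rumpvfs/rumpfs.c
@@ -1,14 +1,14 @@
-/* $NetBSD: rumpfs.c,v 1.154 2020/01/17 20:08:09 ad Exp $ */
+/* $NetBSD: rumpfs.c,v 1.155 2020/04/04 19:24:51 kamil Exp $ */
 
 /*
  * Copyright (c) 2009, 2010, 2011 Antti Kantee. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
  *
@@ -16,27 +16,27 @@
  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rumpfs.c,v 1.154 2020/01/17 20:08:09 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rumpfs.c,v 1.155 2020/04/04 19:24:51 kamil Exp $");
 
 #include <sys/param.h>
 #include <sys/atomic.h>
 #include <sys/buf.h>
 #include <sys/dirent.h>
 #include <sys/errno.h>
 #include <sys/filedesc.h>
 #include <sys/fcntl.h>
 #include <sys/kauth.h>
 #include <sys/malloc.h>
 #include <sys/module.h>
 #include <sys/mount.h>
 #include <sys/namei.h>
@@ -967,27 +967,28 @@ rump_vop_setattr(void *v)
  if (vp->v_type == VREG &&
  vap->va_size != VSIZENOTSET &&
  vap->va_size != rn->rn_dlen &&
  (rn->rn_flags & RUMPNODE_ET_PHONE_HOST) == 0) {
  void *newdata;
  size_t copylen, newlen;
 
  newlen = vap->va_size;
  newdata = rump_hypermalloc(newlen, 0, false, "rumpfs");
  if (newdata == NULL)
  return ENOSPC;
 
  copylen = MIN(rn->rn_dlen, newlen);
- memcpy(newdata, rn->rn_data, copylen);
+ if (copylen > 0)
+ memcpy(newdata, rn->rn_data, copylen);
  memset((char *)newdata + copylen, 0, newlen - copylen);
 
  if ((rn->rn_flags & RUMPNODE_EXTSTORAGE) == 0) {
  rump_hyperfree(rn->rn_data, rn->rn_dlen);
  } else {
  rn->rn_flags &= ~RUMPNODE_EXTSTORAGE;
  }
 
  rn->rn_data = newdata;
  rn->rn_dlen = newlen;
  uvm_vnp_setsize(vp, newlen);
  }
  return 0;
@@ -1482,27 +1483,28 @@ rump_vop_write(void *v)
  */
  newlen = uio->uio_offset + uio->uio_resid;
  oldlen = 0; /* XXXgcc */
  olddata = NULL;
  if (rn->rn_dlen < newlen) {
  oldlen = rn->rn_dlen;
  olddata = rn->rn_data;
 
  rn->rn_data = rump_hypermalloc(newlen, 0, false, "rumpfs");
  if (rn->rn_data == NULL)
  return ENOSPC;
  rn->rn_dlen = newlen;
  memset(rn->rn_data, 0, newlen);
- memcpy(rn->rn_data, olddata, oldlen);
+ if (oldlen > 0)
+ memcpy(rn->rn_data, olddata, oldlen);
  allocd = true;
  uvm_vnp_setsize(vp, newlen);
  }
 
  /* ok, we have enough stooorage. write */
  while (uio->uio_resid > 0) {
  chunk = MIN(uio->uio_resid, (off_t)rn->rn_dlen-uio->uio_offset);
  if (chunk == 0)
  break;
  error = ubc_uiomove(&vp->v_uobj, uio, chunk, advice,
  UBC_WRITE | UBC_PARTIALOK | UBC_UNMAP_FLAG(vp));
  if (error)
  break;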
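Review bot: In the rump_vop_write hunk, the allocation-failure path stores the result of rump_hypermalloc() directly in `rn->rn_data` and returns ENOSPC when it is NULL, so the node appears to be left with a NULL data pointer, the old non-zero `rn_dlen`, and no remaining reference to `olddata`. The added `oldlen > 0` guard does not cover that path; a later access to the node would presumably use a NULL buffer with a non-zero length, and the previous buffer is leaked. Restoring the pointer before returning keeps the node consistent: `if (rn->rn_data == NULL) { rn->rn_data = olddata; return ENOSPC; }`. rump_vop_write begins and ends outside the hunk, so cleanup elsewhere in the function cannot be ruled out from the visible lines.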