On Wed, 24 Nov 1999, Bruce Evans wrote:

> Hmm.  My netscape works, but I didn't merge that commit.  I had already
> inadvertently fixed the bug in another way while cleaning up.
> 
> Indeed, the problem is checking the new context before checking that the
> context is actually new.
> 
> Here is my version.

Hmm...

> 
> int
> sigreturn(p, uap)
>       struct proc *p;
>       struct sigreturn_args /* {
>               ucontext_t *ucp;
>       } */ *uap;
> {
>       struct trapframe *regs;
>       ucontext_t *ucp;
>       int cs, eflags;
> 
> #if defined(COMPAT_43) || defined(COMPAT_SUNOS)
>       if (((struct osigcontext *)uap->sigcntxp)->sc_trapno == 0x01d516)
>               return (osigreturn(p, (struct osigreturn_args *)uap));
> #endif

I don't see how this fixes things, other than hiding it.  Since the i386
memory model we use maps kernel and user memory all at the same time,
this code is reading directly from user space memory, right?  If this is
the case, wouldn't a copyin() be the proper thing to do?  At least doing
the useracc() would be better than doing nothing, wouldn't it?

> 
>       ucp = uap-> /* ucp */ sigcntxp;
>       if (!useracc((caddr_t)ucp, sizeof(*ucp), VM_PROT_READ))
>               return (EFAULT);
>       eflags = ucp->uc_mcontext.mc_eflags;
>       regs = p->p_md.md_regs;
> 
> Bruce
> 
> 

-- 
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 [EMAIL PROTECTED]                    `------------------------------'
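Brian's objection, as an added example that is code from neither mail nor from FreeBSD: a small C model of the flat i386 layout where one array stands in for the address space, with the quoted sigreturn() ordering (read sc_trapno through the raw pointer, useracc() afterwards) beside a copyin()-first variant. mem, USER_END, plant_context(), KERNEL_FAULT and the use of offsets as addresses are constructed for the model and are not the kernel's own definitions.

```c
#include <errno.h>
#include <string.h>

/* Constructed model of the flat i386 layout in the mail: one array is the
 * address space, low half user, high half kernel, past the end unmapped. */
#define MEM_SIZE     256
#define USER_END     128
#define KERNEL_FAULT (-1)     /* raw dereference of an unmapped address */
#define OSIG_MAGIC   0x01d516 /* sc_trapno marker tested in the quoted code */
static unsigned char mem[MEM_SIZE];
struct osigcontext { int sc_trapno; };

/* Fixture: place a context marker at addr, whether user or kernel memory. */
static int plant_context(size_t addr, int trapno) {
    if (addr + sizeof trapno > MEM_SIZE) return 0;
    memcpy(mem + addr, &trapno, sizeof trapno);
    return 1;
}
/* useracc(): is [addr, addr+len) entirely inside user space? */
static int useracc(size_t addr, size_t len) {
    return addr < USER_END && len <= USER_END - addr;
}
/* copyin(): validate the user range, then copy it into a kernel buffer. */
static int copyin(size_t uaddr, void *kaddr, size_t len) {
    if (!useracc(uaddr, len)) return EFAULT;
    memcpy(kaddr, mem + uaddr, len);
    return 0;
}

/* Order used by the quoted sigreturn(): read sc_trapno through the raw user
 * pointer first, run useracc() only afterwards. Returns 1 for the old
 * (osigreturn) path, 0 for a new context, EFAULT, or KERNEL_FAULT. */
static int sigreturn_check_after_read(size_t ucp) {
    struct osigcontext sc;
    if (ucp + sizeof sc > MEM_SIZE) return KERNEL_FAULT; /* fault in kernel mode */
    memcpy(&sc, mem + ucp, sizeof sc);           /* raw read: user OR kernel memory */
    if (sc.sc_trapno == OSIG_MAGIC) return 1;    /* acts on the unvalidated read */
    if (!useracc(ucp, sizeof sc)) return EFAULT; /* too late, already read */
    return 0;
}

/* Validate-then-read: copyin() rejects anything outside user space before a
 * byte is touched, so the same bad pointers give a clean EFAULT instead. */
static int sigreturn_copyin_first(size_t ucp) {
    struct osigcontext sc;
    int err = copyin(ucp, &sc, sizeof sc);
    if (err) return err;
    return sc.sc_trapno == OSIG_MAGIC ? 1 : 0;
}
```

With the marker planted in kernel memory, the check-after-read variant takes the osigreturn() path on data useracc() would have rejected, and an unmapped address faults in kernel mode before any check runs; the copyin() variant returns EFAULT in both cases.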



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
