prevent busy loop in rnd.c

2015-04-08 Martin Natano
Due to an involuntary integer overflow, the randomread() and randomwrite() functions can be tricked into entering an endless loop. That loop can be triggered by performing a read() of UINT_MAX + 1 bytes from /dev/random on a platform where sizeof(size_t) > sizeof(u_int). This holds true for e.g.

Re: prevent busy loop in rnd.c

2015-04-08 Todd C. Miller
Your diff looks correct, though I don't think the explicit casts are needed since the prototypes are in scope. Perhaps it quiets a warning with some compiler flags? There's a scary number of instances of min(foo, uio->uio_resid) in the kernel that should probably be fixed as well.
- todd
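
The truncation discussed in this thread, as an added user-space example that is not part of the original posts or of the kernel source. It assumes a `min()` that takes `u_int` arguments; `min_uint`, `min_u64`, `drain` and `CHUNK` are hypothetical names, and `uint64_t` stands in for a 64-bit `size_t`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK 4096u   /* constructed per-iteration buffer size */

/* Modelled on a min() with u_int parameters: a wider value passed in
 * is silently truncated to unsigned int. */
static unsigned int min_uint(unsigned int a, unsigned int b)
{
    return a < b ? a : b;
}

/* Width-preserving variant: nothing is lost from a 64-bit residual. */
static uint64_t min_u64(uint64_t a, uint64_t b)
{
    return a < b ? a : b;
}

/* Simulated read loop over a residual byte count. Returns the number of
 * iterations needed, or -1 when an iteration would transfer 0 bytes
 * (resid never shrinks, which is the busy loop from the report). */
static long drain(uint64_t resid, int width_preserving)
{
    long iters = 0;

    while (resid > 0) {
        /* The cast makes the implicit narrowing at the call visible. */
        uint64_t n = width_preserving
            ? min_u64(CHUNK, resid)
            : min_uint(CHUNK, (unsigned int)resid);
        if (n == 0)
            return -1;
        resid -= n;
        iters++;
    }
    return iters;
}

int main(void)
{
    uint64_t req = (uint64_t)UINT_MAX + 1;   /* request size from the report */

    printf("u_int min():     %ld\n", drain(req, 0));
    printf("wide min():      %ld\n", drain(req, 1));
    return 0;
}
```
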

Re: prevent busy loop in rnd.c

2015-04-08 Martin Natano
> Your diff looks correct, though I don't think the explicit casts are needed since the prototypes are in scope. Perhaps it quiets a warning with some compiler flags?

The casts are not strictly necessary and you are correct about the warnings; both gcc (I believe since version 4.3 with the