Module Name: src Committed By: riastradh Date: Wed Aug 3 11:09:13 UTC 2022
Modified Files: src/sys/kern: vfs_lockf.c Log Message: kern/vfs_lockf.c: Fix overflow in overflow detection. Reported-by: syzbot+cda9440741a151674...@syzkaller.appspotmail.com https://syzkaller.appspot.com/bug?id=030eb71324790093d467799263cd0789e5097229 To generate a diff of this commit: cvs rdiff -u -r1.76 -r1.77 src/sys/kern/vfs_lockf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/vfs_lockf.c diff -u src/sys/kern/vfs_lockf.c:1.76 src/sys/kern/vfs_lockf.c:1.77 --- src/sys/kern/vfs_lockf.c:1.76 Fri Jul 1 01:04:01 2022 +++ src/sys/kern/vfs_lockf.c Wed Aug 3 11:09:13 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_lockf.c,v 1.76 2022/07/01 01:04:01 riastradh Exp $ */ +/* $NetBSD: vfs_lockf.c,v 1.77 2022/08/03 11:09:13 riastradh Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: vfs_lockf.c,v 1.76 2022/07/01 01:04:01 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_lockf.c,v 1.77 2022/08/03 11:09:13 riastradh Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -844,7 +844,8 @@ lf_advlock(struct vop_advlock_args *ap, end = -1; else { if (fl->l_len >= 0) { - if (fl->l_len - 1 > __type_max(off_t) - start) + if (start >= 0 && + fl->l_len - 1 > __type_max(off_t) - start) return EINVAL; end = start + fl->l_len - 1; } else {