Module Name: src
Committed By: riastradh
Date: Wed Jun 11 16:45:06 UTC 2014
Modified Files:
src/sys/dev/pci: agp_i810.c
Log Message:
Check bounds more carefully to avoid integer overflow.
To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.89 src/sys/dev/pci/agp_i810.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/pci/agp_i810.c
diff -u src/sys/dev/pci/agp_i810.c:1.88 src/sys/dev/pci/agp_i810.c:1.89
--- src/sys/dev/pci/agp_i810.c:1.88 Wed Jun 11 14:04:48 2014
+++ src/sys/dev/pci/agp_i810.c Wed Jun 11 16:45:06 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: agp_i810.c,v 1.88 2014/06/11 14:04:48 riastradh Exp $ */
+/* $NetBSD: agp_i810.c,v 1.89 2014/06/11 16:45:06 riastradh Exp $ */
/*-
* Copyright (c) 2000 Doug Rabson
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: agp_i810.c,v 1.88 2014/06/11 14:04:48 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: agp_i810.c,v 1.89 2014/06/11 16:45:06 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -1123,7 +1123,8 @@ agp_i810_alloc_memory(struct agp_softc *
return NULL;
if ((size & (AGP_PAGE_SIZE - 1)) != 0)
return NULL;
- if (sc->as_allocated + size > sc->as_maxmem)
+ KASSERT(sc->as_allocated <= sc->as_maxmem);
+ if (size > (sc->as_maxmem - sc->as_allocated))
return NULL;
switch (type) {
case AGP_I810_MEMTYPE_MAIN:
