Module Name: src
Committed By: alnsn
Date: Sat Jul 12 20:14:18 UTC 2014
Modified Files:
src/sys/net: bpfjit.c
Log Message:
emit_xcall: check overflow by comparing X with (UINT32_MAX - pk->k), restore
the A register after checking that xcall succeeded.
To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/sys/net/bpfjit.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/bpfjit.c
diff -u src/sys/net/bpfjit.c:1.25 src/sys/net/bpfjit.c:1.26
--- src/sys/net/bpfjit.c:1.25 Sat Jul 12 16:52:57 2014
+++ src/sys/net/bpfjit.c Sat Jul 12 20:14:18 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: bpfjit.c,v 1.25 2014/07/12 16:52:57 alnsn Exp $ */
+/* $NetBSD: bpfjit.c,v 1.26 2014/07/12 20:14:18 alnsn Exp $ */
/*-
* Copyright (c) 2011-2014 Alexander Nasonov.
@@ -31,9 +31,9 @@
#include <sys/cdefs.h>
#ifdef _KERNEL
-__KERNEL_RCSID(0, "$NetBSD: bpfjit.c,v 1.25 2014/07/12 16:52:57 alnsn Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpfjit.c,v 1.26 2014/07/12 20:14:18 alnsn Exp $");
#else
-__RCSID("$NetBSD: bpfjit.c,v 1.25 2014/07/12 16:52:57 alnsn Exp $");
+__RCSID("$NetBSD: bpfjit.c,v 1.26 2014/07/12 20:14:18 alnsn Exp $");
#endif
#include <sys/types.h>
@@ -552,25 +552,24 @@ emit_xcall(struct sljit_compiler *compil
return status;
if (BPF_CLASS(pc->code) == BPF_LD && BPF_MODE(pc->code) == BPF_IND) {
+ /* if (X > UINT32_MAX - pc->k) return 0; */
+ jump = sljit_emit_cmp(compiler,
+ SLJIT_C_GREATER,
+ BJ_XREG, 0,
+ SLJIT_IMM, UINT32_MAX - pc->k);
+ if (jump == NULL)
+ return SLJIT_ERR_ALLOC_FAILED;
+ if (!append_jump(jump, ret0, ret0_size, ret0_maxsize))
+ return SLJIT_ERR_ALLOC_FAILED;
+
/* k = X + pc->k; */
status = sljit_emit_op2(compiler,
- SLJIT_ADD | SLJIT_INT_OP,
+ SLJIT_ADD,
SLJIT_SCRATCH_REG2, 0,
BJ_XREG, 0,
SLJIT_IMM, (uint32_t)pc->k);
if (status != SLJIT_SUCCESS)
return status;
-
- /* if (k < X) return 0; */
- jump = sljit_emit_cmp(compiler,
- SLJIT_C_LESS,
- SLJIT_SCRATCH_REG2, 0,
- BJ_XREG, 0);
- if (jump == NULL)
- return SLJIT_ERR_ALLOC_FAILED;
-
- if (!append_jump(jump, ret0, ret0_size, ret0_maxsize))
- return SLJIT_ERR_ALLOC_FAILED;
} else {
/* k = pc->k */
status = sljit_emit_op1(compiler,
@@ -607,16 +606,6 @@ emit_xcall(struct sljit_compiler *compil
return status;
}
- if (BPF_CLASS(pc->code) == BPF_LDX) {
- /* restore A */
- status = sljit_emit_op1(compiler,
- SLJIT_MOV,
- BJ_AREG, 0,
- BJ_TMP3REG, 0);
- if (status != SLJIT_SUCCESS)
- return status;
- }
-
/* tmp2 = *err; */
status = sljit_emit_op1(compiler,
SLJIT_MOV_UI,
@@ -637,6 +626,16 @@ emit_xcall(struct sljit_compiler *compil
if (!append_jump(jump, ret0, ret0_size, ret0_maxsize))
return SLJIT_ERR_ALLOC_FAILED;
+ if (BPF_CLASS(pc->code) == BPF_LDX) {
+ /* restore A */
+ status = sljit_emit_op1(compiler,
+ SLJIT_MOV,
+ BJ_AREG, 0,
+ BJ_TMP3REG, 0);
+ if (status != SLJIT_SUCCESS)
+ return status;
+ }
+
return SLJIT_SUCCESS;
}
#endif
