bug-hurd

[PATCH 1/2] i386/i386/user_ldt.c: check ldt


From: Marin Ramesa
Subject: [PATCH 1/2] i386/i386/user_ldt.c: check ldt
Date: Sun, 17 Nov 2013 07:01:25 +0100

When ldt equals zero, and default branch is taken from the switch
statement, and sel is not equal to zero, comparison results in
a dereference of a null pointer. Avoid this.

* i386/i386/user_ldt.c (ldt): Check if it equals zero.

---
 i386/i386/user_ldt.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/i386/i386/user_ldt.c b/i386/i386/user_ldt.c
index 74c10a4..7afa5c9 100644
--- a/i386/i386/user_ldt.c
+++ b/i386/i386/user_ldt.c
@@ -79,9 +79,10 @@ boolean_t selector_check(thread, sel, type)
 
        if (type != S_DATA && sel == 0)
            return FALSE;
-       if ((sel & (SEL_LDT|SEL_PL)) != (SEL_LDT|SEL_PL_U)
-         || sel > ldt->desc.limit_low)
-               return FALSE;
+       if (ldt != 0)
+               if ((sel & (SEL_LDT|SEL_PL)) != (SEL_LDT|SEL_PL_U)
+               || sel > ldt->desc.limit_low)
+                       return FALSE;
 
        access = ldt->ldt[sel_idx(sel)].access;
        
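
Review bot: the new `if (ldt != 0)` guard covers only the selector range check, not the unchanged line that follows it, `access = ldt->ldt[sel_idx(sel)].access;`. With ldt equal to zero and a nonzero sel, the function now skips the check and dereferences the null pointer one statement later, so the condition described in the commit message is moved rather than avoided. A guard that leaves the function before any use of ldt would close it, for example `if (ldt == 0) return FALSE;` placed ahead of the original, unmodified test. Whether FALSE is the right result for a thread without an LDT has to be decided from the part of selector_check above this hunk. If the nested form is kept, put braces around the outer `if` and align the `||` continuation under the condition, so the unbraced two-level `if` cannot be misread when an `else` is added later. The ChangeLog line also names `(ldt)`, a local variable, where the hunk header shows the changed function is selector_check.
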
-- 
1.8.1.4



