VirtualBox

Changeset 26629 in vbox


Ignore:
Timestamp:
Feb 18, 2010 3:40:07 PM (15 years ago)
Author:
vboxsync
Message:

Additions/solaris: Fix zero sized requests, namely VBOXGUEST_IOCTL_CANCEL_ALL_WAITEVENTS.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/VBox/Additions/common/VBoxGuest/VBoxGuest-solaris.c

    r26358 r26629  
    169169/** Size of the MMIO region. */
    170170static off_t                g_cbMMIO;
    171 /** VMMDev Version. */
    172 static uint32_t             g_u32Version;
    173171/** Pointer to the interrupt handle vector */
    174172static ddi_intr_handle_t   *g_pIntr;
     
    612610        return EINVAL;
    613611    }
    614     if (RT_UNLIKELY(   ReqWrap.cbData == 0
    615                     || ReqWrap.cbData > _1M*16))
     612    if (RT_UNLIKELY(ReqWrap.cbData > _1M*16))
    616613    {
    617614        LogRel((DEVICE_NAME "::IOCtl: bad size %#x; pArg=%p Cmd=%#x.\n", ReqWrap.cbData, pArg, Cmd));
     
    620617
    621618    /*
    622      * Read the request.
     619     * Read the request payload if any; requests like VBOXGUEST_IOCTL_CANCEL_ALL_WAITEVENTS have no data payload.
    623620     */
    624     void *pvBuf = RTMemTmpAlloc(ReqWrap.cbData);
    625     if (RT_UNLIKELY(!pvBuf))
    626     {
    627         LogRel((DEVICE_NAME "::IOCtl: RTMemTmpAlloc failed to alloc %d bytes.\n", ReqWrap.cbData));
    628         return ENOMEM;
    629     }
    630 
    631     rc = ddi_copyin((void *)(uintptr_t)ReqWrap.pvDataR3, pvBuf, ReqWrap.cbData, Mode);
    632     if (RT_UNLIKELY(rc))
    633     {
    634         RTMemTmpFree(pvBuf);
    635         LogRel((DEVICE_NAME "::IOCtl: ddi_copyin failed; pvBuf=%p pArg=%p Cmd=%d. rc=%d\n", pvBuf, pArg, Cmd, rc));
    636         return EFAULT;
    637     }
    638     if (RT_UNLIKELY(   ReqWrap.cbData != 0
    639                     && !VALID_PTR(pvBuf)))
    640     {
    641         RTMemTmpFree(pvBuf);
    642         LogRel((DEVICE_NAME "::IOCtl: pvBuf invalid pointer %p\n", pvBuf));
    643         return EINVAL;
     621    void *pvBuf = NULL;
     622    if (RT_LIKELY(ReqWrap.cbData > 0))
     623    {
     624        pvBuf = RTMemTmpAlloc(ReqWrap.cbData);
     625        if (RT_UNLIKELY(!pvBuf))
     626        {
     627            LogRel((DEVICE_NAME "::IOCtl: RTMemTmpAlloc failed to alloc %d bytes.\n", ReqWrap.cbData));
     628            return ENOMEM;
     629        }
     630
     631        rc = ddi_copyin((void *)(uintptr_t)ReqWrap.pvDataR3, pvBuf, ReqWrap.cbData, Mode);
     632        if (RT_UNLIKELY(rc))
     633        {
     634            RTMemTmpFree(pvBuf);
     635            LogRel((DEVICE_NAME "::IOCtl: ddi_copyin failed; pvBuf=%p pArg=%p Cmd=%d. rc=%d\n", pvBuf, pArg, Cmd, rc));
     636            return EFAULT;
     637        }
     638        if (RT_UNLIKELY(!VALID_PTR(pvBuf)))
     639        {
     640            RTMemTmpFree(pvBuf);
     641            LogRel((DEVICE_NAME "::IOCtl: pvBuf invalid pointer %p\n", pvBuf));
     642            return EINVAL;
     643        }
    644644    }
    645645    Log((DEVICE_NAME "::IOCtl: pSession=%p pid=%d.\n", pSession, (int)RTProcSelf()));
     
    648648     * Process the IOCtl.
    649649     */
    650     size_t cbDataReturned;
     650    size_t cbDataReturned = 0;
    651651    rc = VBoxGuestCommonIOCtl(Cmd, &g_DevExt, pSession, pvBuf, ReqWrap.cbData, &cbDataReturned);
    652652    if (RT_SUCCESS(rc))
     
    678678    }
    679679    *pVal = rc;
    680     RTMemTmpFree(pvBuf);
     680    if (pvBuf)
     681        RTMemTmpFree(pvBuf);
    681682    return rc;
    682683}
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette