Changeset 26629 in vbox
- Timestamp:
- Feb 18, 2010 3:40:07 PM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/Additions/common/VBoxGuest/VBoxGuest-solaris.c
r26358 r26629 169 169 /** Size of the MMIO region. */ 170 170 static off_t g_cbMMIO; 171 /** VMMDev Version. */172 static uint32_t g_u32Version;173 171 /** Pointer to the interrupt handle vector */ 174 172 static ddi_intr_handle_t *g_pIntr; … … 612 610 return EINVAL; 613 611 } 614 if (RT_UNLIKELY( ReqWrap.cbData == 0 615 || ReqWrap.cbData > _1M*16)) 612 if (RT_UNLIKELY(ReqWrap.cbData > _1M*16)) 616 613 { 617 614 LogRel((DEVICE_NAME "::IOCtl: bad size %#x; pArg=%p Cmd=%#x.\n", ReqWrap.cbData, pArg, Cmd)); … … 620 617 621 618 /* 622 * Read the request .619 * Read the request payload if any; requests like VBOXGUEST_IOCTL_CANCEL_ALL_WAITEVENTS have no data payload. 623 620 */ 624 void *pvBuf = RTMemTmpAlloc(ReqWrap.cbData); 625 if (RT_UNLIKELY(!pvBuf)) 626 { 627 LogRel((DEVICE_NAME "::IOCtl: RTMemTmpAlloc failed to alloc %d bytes.\n", ReqWrap.cbData)); 628 return ENOMEM; 629 } 630 631 rc = ddi_copyin((void *)(uintptr_t)ReqWrap.pvDataR3, pvBuf, ReqWrap.cbData, Mode); 632 if (RT_UNLIKELY(rc)) 633 { 634 RTMemTmpFree(pvBuf); 635 LogRel((DEVICE_NAME "::IOCtl: ddi_copyin failed; pvBuf=%p pArg=%p Cmd=%d. rc=%d\n", pvBuf, pArg, Cmd, rc)); 636 return EFAULT; 637 } 638 if (RT_UNLIKELY( ReqWrap.cbData != 0 639 && !VALID_PTR(pvBuf))) 640 { 641 RTMemTmpFree(pvBuf); 642 LogRel((DEVICE_NAME "::IOCtl: pvBuf invalid pointer %p\n", pvBuf)); 643 return EINVAL; 621 void *pvBuf = NULL; 622 if (RT_LIKELY(ReqWrap.cbData > 0)) 623 { 624 pvBuf = RTMemTmpAlloc(ReqWrap.cbData); 625 if (RT_UNLIKELY(!pvBuf)) 626 { 627 LogRel((DEVICE_NAME "::IOCtl: RTMemTmpAlloc failed to alloc %d bytes.\n", ReqWrap.cbData)); 628 return ENOMEM; 629 } 630 631 rc = ddi_copyin((void *)(uintptr_t)ReqWrap.pvDataR3, pvBuf, ReqWrap.cbData, Mode); 632 if (RT_UNLIKELY(rc)) 633 { 634 RTMemTmpFree(pvBuf); 635 LogRel((DEVICE_NAME "::IOCtl: ddi_copyin failed; pvBuf=%p pArg=%p Cmd=%d. rc=%d\n", pvBuf, pArg, Cmd, rc)); 636 return EFAULT; 637 } 638 if (RT_UNLIKELY(!VALID_PTR(pvBuf))) 639 { 640 RTMemTmpFree(pvBuf); 641 LogRel((DEVICE_NAME "::IOCtl: pvBuf invalid pointer %p\n", pvBuf)); 642 return EINVAL; 643 } 644 644 } 645 645 Log((DEVICE_NAME "::IOCtl: pSession=%p pid=%d.\n", pSession, (int)RTProcSelf())); … … 648 648 * Process the IOCtl. 649 649 */ 650 size_t cbDataReturned ;650 size_t cbDataReturned = 0; 651 651 rc = VBoxGuestCommonIOCtl(Cmd, &g_DevExt, pSession, pvBuf, ReqWrap.cbData, &cbDataReturned); 652 652 if (RT_SUCCESS(rc)) … … 678 678 } 679 679 *pVal = rc; 680 RTMemTmpFree(pvBuf); 680 if (pvBuf) 681 RTMemTmpFree(pvBuf); 681 682 return rc; 682 683 }
Note:
See TracChangeset
for help on using the changeset viewer.