#15058 closed bug (fixed)
_user_ioctl checks int argument as a buffer address
| Reported by: | korli | Owned by: | nobody |
|---|---|---|---|
| Priority: | normal | Milestone: | R1/beta2 |
| Component: | System/POSIX | Version: | R1/Development |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
| Platform: | All | | |
Description
http://pubs.opengroup.org/onlinepubs/9699919799/functions/ioctl.html clearly specifies that:
> The arg argument represents additional information that is needed by this specific STREAMS device to perform the requested function. The type of arg depends upon the particular control request, but it shall be either an integer or a pointer to a device-specific data structure.
But the way _user_ioctl() checks doesn't allow an integer argument, only a pointer argument.
```c
status_t _user_ioctl(int fd, uint32 op, void* buffer, size_t length)
{
	if (buffer != NULL && !IS_USER_ADDRESS(buffer))
		return B_BAD_ADDRESS;
```
Functions like tcdrain(), tcflow(), tcflush() and tcsendbreak() use an int argument, thus can't work as expected.
Change History (4)
comment:1 by , 6 years ago
comment:4 by , 5 years ago
Milestone: Unscheduled → R1/beta2
Assign tickets with status=closed and resolution=fixed within the R1/beta2 development window to the R1/beta2 Milestone
I would just remove the buffer check, delegating this check to the component.
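
Added example, not part of the ticket and not Haiku's code: a user-space simulation of the generic check from the description next to a check delegated to the request handler, as the comment above proposes. The address range, status codes and request names (`OP_FLUSH`, `OP_GET_INFO`) are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for this example; not Haiku's real constants. */
#define SIM_USER_BASE   0x00100000UL
#define SIM_USER_TOP    0x7fffffffUL
#define SIM_OK          0
#define SIM_BAD_ADDRESS (-1)
#define SIM_BAD_VALUE   (-2)

/* Hypothetical requests: OP_FLUSH takes an int, OP_GET_INFO a pointer. */
enum { OP_FLUSH = 1, OP_GET_INFO = 2 };

static int is_user_address(uintptr_t a)
{
	return a >= SIM_USER_BASE && a <= SIM_USER_TOP;
}

/* Generic check from the ticket: any non-NULL arg must be a user address. */
int generic_check(int op, uintptr_t arg)
{
	(void)op;
	if (arg != 0 && !is_user_address(arg))
		return SIM_BAD_ADDRESS;
	return SIM_OK;
}

/* Delegated check: the request handler knows what arg is. */
int per_op_check(int op, uintptr_t arg)
{
	switch (op) {
	case OP_FLUSH:    /* integer: range-check it, never dereference it */
		return (arg >= 1 && arg <= 3) ? SIM_OK : SIM_BAD_VALUE;
	case OP_GET_INFO: /* pointer: must be non-NULL and in user space */
		return (arg != 0 && is_user_address(arg)) ? SIM_OK : SIM_BAD_ADDRESS;
	default:
		return SIM_BAD_VALUE;
	}
}

int main(void)
{
	printf("generic, int arg 2:        %d\n", generic_check(OP_FLUSH, 2));
	printf("per-op,  int arg 2:        %d\n", per_op_check(OP_FLUSH, 2));
	printf("per-op,  kernel-range ptr: %d\n",
		per_op_check(OP_GET_INFO, 0x80001000UL));
	return 0;
}
```

With the generic check removed, every pointer-taking request has to validate the address itself before copying to or from it; an integer argument of 0 only passed the old check because it compared equal to NULL.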