#15058 closed bug (fixed)
_user_ioctl checks int argument as a buffer address
| Reported by: | korli | Owned by: | nobody |
|---|---|---|---|
| Priority: | normal | Milestone: | R1/beta2 |
| Component: | System/POSIX | Version: | R1/Development |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
http://pubs.opengroup.org/onlinepubs/9699919799/functions/ioctl.html clearly specifies that:
The arg argument represents additional information that is needed by this specific STREAMS device to perform the requested function. The type of arg depends upon the particular control request, but it shall be either an integer or a pointer to a device-specific data structure.
But the way _user_ioctl() checks doesn't allow an integer argument, only a pointer argument.
status_t
_user_ioctl(int fd, uint32 op, void* buffer, size_t length)
{
if (buffer != NULL && !IS_USER_ADDRESS(buffer))
return B_BAD_ADDRESS;
Functions like tcdrain(), tcflow(), tcflush() and tcsendbreak() use an int argument, thus can't work as expected.
Change History (4)
comment:1 by , 6 years ago
comment:4 by , 5 years ago
| Milestone: | Unscheduled → R1/beta2 |
|---|
Assign tickets with status=closed and resolution=fixed within the R1/beta2 development window to the R1/beta2 Milestone
Note:
See TracTickets
for help on using tickets.
I would just remove the buffer check, delegating this check to the component.