From: Andrew Church Date: Thu, 24 Sep 2009 17:51:12 +0000 (-0700) Subject: fix wrong parameter size on ioctl FIONREAD X-Git-Tag: 174~759 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=4daa146bf71cea174271371a0eb3cf22719a550b;ds=sidebyside fix wrong parameter size on ioctl FIONREAD On Wed, Sep 23, 2009 at 23:11, Matthias Schwarzott wrote: > It is about ioctl failures on amd64: > http://bugs.gentoo.org/show_bug.cgi?id=286041 > > A bad parameter type to an ioctl() call causes udev-146 to generate "error > getting buffer for inotify" messages in syslog. The offending code is > roughly: > > ssize_t nbytes, pos; > // ... > ioctl(fd, FIONREAD, &nbytes); > > where ssize_t is 64 bits on amd64, but the kernel code for FIONREAD (at least > through gentoo-sources-2.6.31) uses type int: > > p = (void __user *) arg; > switch (cmd) { > case FIONREAD: > // ... > ret = put_user(send_len, (int __user *) p); > > so the upper 32 bits of "nbytes" are left uninitialized, and the subsequent > malloc(nbytes) fails unless those 32 bits happen to be zero (or the system has > a LOT of memory). --- diff --git a/udev/udevd.c b/udev/udevd.c index 2eb914a3f..62c643668 100644 --- a/udev/udevd.c +++ b/udev/udevd.c @@ -662,7 +662,7 @@ static void handle_ctrl_msg(struct udev_ctrl *uctrl) /* read inotify messages */ static int handle_inotify(struct udev *udev) { - ssize_t nbytes, pos; + int nbytes, pos; char *buf; struct inotify_event *ev;
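Review bot: In the declaration `int nbytes, pos;`, only `nbytes` needs the type that the commit message ties to FIONREAD (the kernel stores through an `int __user *`); `pos` is narrowed along with it and the message does not say why. The rest of handle_inotify() is not visible in this hunk, so confirm that neither variable later holds an `ssize_t` result such as the return value of read(). If one does, use `int` only for the ioctl argument and keep a separate `ssize_t` for the rest. Because the value feeds the malloc(nbytes) mentioned in the message, check the ioctl() return value and that `nbytes > 0` before allocating. A short comment on the declaration noting that FIONREAD takes an `int *` would keep the type from being widened again.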