From d25c879dc55dcc6a477fdce1c75382afec7596b8 Mon Sep 17 00:00:00 2001
From: Greg McGary <greg@mcgary.org>
Date: Thu, 27 Jul 2000 06:25:28 +0000
Subject: * sysdeps/gnu/bits/msq.h: Qualify kernel's

data structure pointers as __unbounded.
* sysdeps/unix/sysv/linux/mips/bits/shm.h: Likewise.
* sysdeps/generic/bp-semctl.h: New file.
* sysdeps/unix/sysv/linux/msgctl.c: Qualify kernel's data structure
pointers as __unbounded.  Check bounds of syscall args.
* sysdeps/unix/sysv/linux/msgrcv.c: Likewise.
* sysdeps/unix/sysv/linux/msgsnd.c: Likewise.
* sysdeps/unix/sysv/linux/semctl.c: Likewise.
* sysdeps/unix/sysv/linux/semop.c: Likewise.
* sysdeps/unix/sysv/linux/shmat.c: Likewise.
* sysdeps/unix/sysv/linux/shmctl.c: Likewise.
* sysdeps/unix/sysv/linux/shmdt.c: Likewise.
* sysdeps/unix/sysv/linux/alpha/msgctl.c: Likewise.
* sysdeps/unix/sysv/linux/alpha/semctl.c: Likewise.
* sysdeps/unix/sysv/linux/alpha/shmctl.c: Likewise.
* sysdeps/unix/sysv/linux/i386/msgctl.c: Likewise.
* sysdeps/unix/sysv/linux/i386/semctl.c: Likewise.
* sysdeps/unix/sysv/linux/i386/shmctl.c: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/msgctl.c: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/semctl.c: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/shmctl.c: Likewise.
2000-07-26  Greg McGary  <greg@mcgary.org>

	* sysdeps/gnu/bits/msq.h: Qualify kernel's
	data structure pointers as __unbounded.
	* sysdeps/unix/sysv/linux/mips/bits/shm.h: Likewise.
	* sysdeps/generic/bp-semctl.h: New file.
	* sysdeps/unix/sysv/linux/msgctl.c: Qualify kernel's data structure
	pointers as __unbounded.  Check bounds of syscall args.
	* sysdeps/unix/sysv/linux/msgrcv.c: Likewise.
	* sysdeps/unix/sysv/linux/msgsnd.c: Likewise.
	* sysdeps/unix/sysv/linux/semctl.c: Likewise.
	* sysdeps/unix/sysv/linux/semop.c: Likewise.
	* sysdeps/unix/sysv/linux/shmat.c: Likewise.
	* sysdeps/unix/sysv/linux/shmctl.c: Likewise.
	* sysdeps/unix/sysv/linux/shmdt.c: Likewise.
	* sysdeps/unix/sysv/linux/alpha/msgctl.c: Likewise.
	* sysdeps/unix/sysv/linux/alpha/semctl.c: Likewise.
	* sysdeps/unix/sysv/linux/alpha/shmctl.c: Likewise.
	* sysdeps/unix/sysv/linux/i386/msgctl.c: Likewise.
	* sysdeps/unix/sysv/linux/i386/semctl.c: Likewise.
	* sysdeps/unix/sysv/linux/i386/shmctl.c: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/msgctl.c: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/semctl.c: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/shmctl.c: Likewise.
---
 sysdeps/unix/sysv/linux/shmctl.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'sysdeps/unix/sysv/linux/shmctl.c')

diff --git a/sysdeps/unix/sysv/linux/shmctl.c b/sysdeps/unix/sysv/linux/shmctl.c
index f2f7340f7b..3b2809ac5d 100644
--- a/sysdeps/unix/sysv/linux/shmctl.c
+++ b/sysdeps/unix/sysv/linux/shmctl.c
@@ -26,6 +26,7 @@
 #include <sys/syscall.h>
 #include <bits/wordsize.h>
 #include <shlib-compat.h>
+#include <bp-checks.h>
 
 #include "kernel-features.h"
 
@@ -40,8 +41,8 @@ struct __old_shmid_ds
   __ipc_pid_t shm_lpid;			/* pid of last shmop */
   unsigned short int shm_nattch;	/* number of current attaches */
   unsigned short int __shm_npages;	/* size of segment (pages) */
-  unsigned long int *__shm_pages;	/* array of ptrs to frames -> SHMMAX */
-  struct vm_area_struct *__attaches;	/* descriptors for attaches */
+  unsigned long int *__unbounded __shm_pages; /* array of ptrs to frames -> SHMMAX */
+  struct vm_area_struct *__unbounded __attaches; /* descriptors for attaches */
 };
 
 struct __old_shminfo
@@ -63,7 +64,8 @@ int __new_shmctl (int, int, struct shmid_ds *);
 int
 __old_shmctl (int shmid, int cmd, struct __old_shmid_ds *buf)
 {
-  return INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid, cmd, 0, buf);
+  return INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid,
+			 cmd, 0, CHECK_1opt (buf));
 }
 compat_symbol (libc, __old_shmctl, shmctl, GLIBC_2_0);
 #endif
@@ -72,7 +74,7 @@ int
 __new_shmctl (int shmid, int cmd, struct shmid_ds *buf)
 {
 #if __ASSUME_32BITUIDS > 0
-  return INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid, cmd | __IPC_64, 0, buf);
+  return INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid, cmd | __IPC_64, 0, CHECK_1 (buf));
 #else
   switch (cmd) {
     case SHM_STAT:
@@ -83,7 +85,7 @@ __new_shmctl (int shmid, int cmd, struct shmid_ds *buf)
 #endif
       break;
     default:
-      return INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid, cmd, 0, buf);
+      return INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid, cmd, 0, CHECK_1 (buf));
   }
 
   {
@@ -92,7 +94,7 @@ __new_shmctl (int shmid, int cmd, struct shmid_ds *buf)
 
     /* Unfortunately there is no way how to find out for sure whether
        we should use old or new shmctl.  */
-    result = INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid, cmd | __IPC_64, 0, buf);
+    result = INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid, cmd | __IPC_64, 0, CHECK_1 (buf));
     if (result != -1 || errno != EINVAL)
       return result;
 
@@ -109,7 +111,7 @@ __new_shmctl (int shmid, int cmd, struct shmid_ds *buf)
 	    return -1;
 	  }
       }
-    result = INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid, cmd, 0, &old);
+    result = INLINE_SYSCALL (ipc, 5, IPCOP_shmctl, shmid, cmd, 0, __ptrvalue (&old));
     if (result != -1 && (cmd == SHM_STAT || cmd == IPC_STAT))
       {
 	memset(buf, 0, sizeof(*buf));
-- 
cgit 1.4.1