From 0e91d138a30a85eedceb3dbfd28b478a83232979 Mon Sep 17 00:00:00 2001
From: Samuel Thibault
Date: Wed, 4 Oct 2017 01:58:21 +0200
Subject: linux-block: Fix calling vm_map_copy_discard on uninitialized variable
This happens if passed count is 0. Reported by Richard Braun. * linux/dev/glue/block.c (device_write): Set copy variable before vm_map_copy_discard() is called.
---
 linux/dev/glue/block.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'linux')
diff --git a/linux/dev/glue/block.c b/linux/dev/glue/block.c
index c1d922b6..a8fa9153 100644
--- a/linux/dev/glue/block.c
+++ b/linux/dev/glue/block.c
@@ -1303,7 +1303,7 @@ device_write (void *d, ipc_port_t reply_port,
 int resid, amt, i;
 int count = (int) orig_count;
 io_return_t err = 0;
- vm_map_copy_t copy;
+ vm_map_copy_t copy = (vm_map_copy_t) data;
 vm_offset_t addr, uaddr;
 vm_size_t len, size;
 struct block_data *bd = d;
@@ -1327,7 +1327,6 @@ device_write (void *d, ipc_port_t reply_port,
 }
 resid = count;
- copy = (vm_map_copy_t) data;
 uaddr = copy->offset;
 /* Allocate a kernel buffer. */
--
cgit v1.2.3
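Review bot: The initializer on the `copy` declaration in the first hunk now carries an invariant that nothing in the code states. Per the commit message, the zero-count exit (outside both hunks) reaches vm_map_copy_discard() with `copy`, so the variable must hold a defined value before any early exit. A comment at the declaration, such as `/* Set at declaration: the count == 0 exit reaches vm_map_copy_discard (copy). */`, would keep a later cleanup from moving the assignment back down and reintroducing a discard of an uninitialized kernel pointer. The cast of `data` is also unchecked, and the hunks do not show whether `data` is always a valid or null copy object on a zero-length write. That is worth confirming against vm_map_copy_discard() and the callers of device_write, whose body starts and ends outside both hunks.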