Index: sys/kern/sys_generic.c =================================================================== RCS file: /home/ncvs/src/sys/kern/sys_generic.c,v retrieving revision 1.55.2.10 diff -c -r1.55.2.10 sys_generic.c *** sys/kern/sys_generic.c 17 Mar 2001 10:39:32 -0000 1.55.2.10 --- sys/kern/sys_generic.c 23 Sep 2003 17:52:41 -0000 *************** *** 231,237 **** register struct filedesc *fdp = p->p_fd; struct uio auio; register struct iovec *iov; ! struct iovec *needfree; struct iovec aiov[UIO_SMALLIOV]; long i, cnt, error = 0; u_int iovlen; --- 231,237 ---- register struct filedesc *fdp = p->p_fd; struct uio auio; register struct iovec *iov; ! struct iovec *needfree = NULL; struct iovec aiov[UIO_SMALLIOV]; long i, cnt, error = 0; u_int iovlen; *************** *** 245,258 **** /* note: can't use iovlen until iovcnt is validated */ iovlen = uap->iovcnt * sizeof (struct iovec); if (uap->iovcnt > UIO_SMALLIOV) { ! if (uap->iovcnt > UIO_MAXIOV) ! return (EINVAL); MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK); needfree = iov; ! } else { iov = aiov; - needfree = NULL; - } auio.uio_iov = iov; auio.uio_iovcnt = uap->iovcnt; auio.uio_rw = UIO_READ; --- 245,258 ---- /* note: can't use iovlen until iovcnt is validated */ iovlen = uap->iovcnt * sizeof (struct iovec); if (uap->iovcnt > UIO_SMALLIOV) { ! if (uap->iovcnt > UIO_MAXIOV) { ! error = EINVAL; ! goto done; ! } MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK); needfree = iov; ! } else iov = aiov; auio.uio_iov = iov; auio.uio_iovcnt = uap->iovcnt; auio.uio_rw = UIO_READ;