--- sys/compat/linux/linux_ioctl.c 3 Jul 2003 07:43:50 -0000 1.55.2.12 +++ sys/compat/linux/linux_ioctl.c 23 Jun 2004 04:05:47 -0000 @@ -933,19 +933,21 @@ } case LINUX_CDROMREADTOCENTRY: { - struct linux_cdrom_tocentry lte, *ltep = - (struct linux_cdrom_tocentry *)args->arg; + struct linux_cdrom_tocentry lte; struct ioc_read_toc_single_entry irtse; - irtse.address_format = ltep->cdte_format; - irtse.track = ltep->cdte_track; + + error = copyin((caddr_t)args->arg, <e, sizeof(lte)); + if (error) + return (error); + irtse.address_format = lte.cdte_format; + irtse.track = lte.cdte_track; error = fo_ioctl(fp, CDIOREADTOCENTRY, (caddr_t)&irtse, p); if (!error) { - lte = *ltep; lte.cdte_ctrl = irtse.entry.control; lte.cdte_adr = irtse.entry.addr_type; bsd_to_linux_msf_lba(irtse.address_format, &irtse.entry.addr, <e.cdte_addr); - copyout(<e, (caddr_t)args->arg, sizeof(lte)); + error = copyout(<e, (caddr_t)args->arg, sizeof(lte)); } return (error); } @@ -1268,6 +1270,7 @@ linux_ioctl_console(struct proc *p, struct linux_ioctl_args *args) { struct file *fp = p->p_fd->fd_ofiles[args->fd]; + int error; switch (args->cmd & 0xffff) { @@ -1326,11 +1329,16 @@ return (ioctl(p, (struct ioctl_args *)args)); case LINUX_VT_SETMODE: { - struct vt_mode *mode; + struct vt_mode mode; + error = copyin((caddr_t)args->arg, &mode, sizeof(mode)); + if (error) + return (error); + if (!ISSIGVALID(mode.frsig) && ISSIGVALID(mode.acqsig)) + mode.frsig = mode.acqsig; + error = copyout(&mode, (caddr_t)args->arg, sizeof(mode)); + if (error) + return (error); args->cmd = VT_SETMODE; - mode = (struct vt_mode *)args->arg; - if (!ISSIGVALID(mode->frsig) && ISSIGVALID(mode->acqsig)) - mode->frsig = mode->acqsig; return (ioctl(p, (struct ioctl_args *)args)); }