From 5d97bedb22d3bef6e43e4c7571c1925ba8e95cda Mon Sep 17 00:00:00 2001
From: "Andrey A. Chernov" <ache@FreeBSD.org>
Date: Thu, 23 Aug 2001 17:56:48 +0000
Subject: [PATCH] vn_stat(): if va_size (u_quad_t) > OFF_MAX, return EOVERFLOW,
 don't copy it blindly to st_size

---
 sys/kern/vfs_vnops.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index de7a7ce92ad..1cd6c99bc4f 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -55,6 +55,8 @@
 #include <sys/ttycom.h>
 #include <sys/conf.h>
 
+#include <machine/limits.h>
+
 static int vn_closefile __P((struct file *fp, struct proc *p));
 static int vn_ioctl __P((struct file *fp, u_long com, caddr_t data, 
 		struct proc *p));
@@ -499,6 +501,8 @@ vn_stat(vp, sb, p)
 	sb->st_uid = vap->va_uid;
 	sb->st_gid = vap->va_gid;
 	sb->st_rdev = vap->va_rdev;
+	if (vap->va_size > OFF_MAX)
+		return (EOVERFLOW);
 	sb->st_size = vap->va_size;
 	sb->st_atimespec = vap->va_atime;
 	sb->st_mtimespec = vap->va_mtime;