From cbf7e0cba7d47c20c73122e8dbefb98bf89fedad Mon Sep 17 00:00:00 2001
From: Brooks Davis <brooks@FreeBSD.org>
Date: Tue, 29 May 2018 20:03:24 +0000
Subject: [PATCH] Correct pointer subtraction in KASSERT().

The assertion would never fire without truly spectacular future
programming errors.

Reported by:	Coverity
CID:		1391370
Sponsored by:	DARPA, AFRL
---
 sys/amd64/linux/linux_sysvec.c     | 3 +--
 sys/amd64/linux32/linux32_sysvec.c | 3 +--
 sys/i386/linux/linux_sysvec.c      | 3 +--
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/sys/amd64/linux/linux_sysvec.c b/sys/amd64/linux/linux_sysvec.c
index 281e67e84d1..cd5c8bd382d 100644
--- a/sys/amd64/linux/linux_sysvec.c
+++ b/sys/amd64/linux/linux_sysvec.c
@@ -283,8 +283,7 @@ linux_fixup_elf(register_t **stack_base, struct image_params *imgp)
 	AUXARGS_ENTRY(pos, AT_NULL, 0);
 	free(imgp->auxargs, M_TEMP);
 	imgp->auxargs = NULL;
-	KASSERT((pos - argarray) / sizeof(*pos) <= LINUX_AT_COUNT,
-	    ("Too many auxargs"));
+	KASSERT(pos - argarray <= LINUX_AT_COUNT, ("Too many auxargs"));
 
 	error = copyout(argarray, auxbase, sizeof(*argarray) * LINUX_AT_COUNT);
 	free(argarray, M_TEMP);
diff --git a/sys/amd64/linux32/linux32_sysvec.c b/sys/amd64/linux32/linux32_sysvec.c
index aedf0c5dec9..e568ecef416 100644
--- a/sys/amd64/linux32/linux32_sysvec.c
+++ b/sys/amd64/linux32/linux32_sysvec.c
@@ -249,8 +249,7 @@ linux_fixup_elf(register_t **stack_base, struct image_params *imgp)
 
 	free(imgp->auxargs, M_TEMP);
 	imgp->auxargs = NULL;
-	KASSERT((pos - argarray) / sizeof(*pos) <= AT_COUNT,
-	    ("Too many auxargs"));
+	KASSERT(pos - argarray <= AT_COUNT, ("Too many auxargs"));
 
 	error = copyout(&argarray[0], auxbase, sizeof(*argarray) * AT_COUNT);
 	free(argarray, M_TEMP);
diff --git a/sys/i386/linux/linux_sysvec.c b/sys/i386/linux/linux_sysvec.c
index e13ba87598d..b3e84cb5cdc 100644
--- a/sys/i386/linux/linux_sysvec.c
+++ b/sys/i386/linux/linux_sysvec.c
@@ -261,8 +261,7 @@ linux_fixup_elf(register_t **stack_base, struct image_params *imgp)
 
 	free(imgp->auxargs, M_TEMP);
 	imgp->auxargs = NULL;
-	KASSERT((pos - argarray) / sizeof(*pos) <= LINUX_AT_COUNT,
-	    ("Too many auxargs"));
+	KASSERT(pos - argarray <= LINUX_AT_COUNT, ("Too many auxargs"));
 
 	error = copyout(argarray, auxbase, sizeof(*argarray) * LINUX_AT_COUNT);
 	free(argarray, M_TEMP);