--- sys/compat/linux/linux_ioctl.c	31 Oct 2003 18:31:55 -0000	1.112
+++ sys/compat/linux/linux_ioctl.c	23 Jun 2004 01:34:41 -0000
@@ -1328,20 +1328,22 @@
 	}
 
 	case LINUX_CDROMREADTOCENTRY: {
-		struct linux_cdrom_tocentry lte, *ltep =
-		    (struct linux_cdrom_tocentry *)args->arg;
+		struct linux_cdrom_tocentry lte;
 		struct ioc_read_toc_single_entry irtse;
-		irtse.address_format = ltep->cdte_format;
-		irtse.track = ltep->cdte_track;
+
+		error = copyin((void *)args->arg, &lte, sizeof(lte));
+		if (error)
+			break;
+		irtse.address_format = lte.cdte_format;
+		irtse.track = lte.cdte_track;
 		error = fo_ioctl(fp, CDIOREADTOCENTRY, (caddr_t)&irtse,
 		    td->td_ucred, td);
 		if (!error) {
-			lte = *ltep;
 			lte.cdte_ctrl = irtse.entry.control;
 			lte.cdte_adr = irtse.entry.addr_type;
 			bsd_to_linux_msf_lba(irtse.address_format,
 			    &irtse.entry.addr, &lte.cdte_addr);
-			copyout(&lte, (void *)args->arg, sizeof(lte));
+			error = copyout(&lte, (void *)args->arg, sizeof(lte));
 		}
 		break;
 	}
@@ -1826,11 +1828,14 @@
 		break;
 
 	case LINUX_VT_SETMODE: {
-		struct vt_mode *mode;
+		struct vt_mode mode;
+		if ((error = copyin((void *)args->arg, &mode, sizeof(mode))))
+			break;
+		if (!ISSIGVALID(mode.frsig) && ISSIGVALID(mode.acqsig))
+			mode.frsig = mode.acqsig;
+		if ((error = copyout(&mode, (void *)args->arg, sizeof(mode))))
+			break;
 		args->cmd = VT_SETMODE;
-		mode = (struct vt_mode *)args->arg;
-		if (!ISSIGVALID(mode->frsig) && ISSIGVALID(mode->acqsig))
-			mode->frsig = mode->acqsig;
 		error = (ioctl(td, (struct ioctl_args *)args));
 		break;
 	}