d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix NULL pointer dereference in futex_wake_op() in case when the same

Browse Source 
address specified for arguments uaddr and uaddr2.

PR:		218987
Reported by:	luke.tw gmail
MFC after:	1 week
This commit is contained in:
Dmitry Chagin 2017-05-01 12:25:37 +00:00
parent 52f72bfa66
commit 2ca5d34d20
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sys/compat/linux/linux_futex.c
View File

@ -952,6 +952,11 @@ retry1:
args->uaddr, args->val, args->uaddr2, args->val3, args->uaddr, args->val, args->uaddr2, args->val3,
args->timeout); args->timeout);
if (args->uaddr == args->uaddr2) {
LIN_SDT_PROBE1(futex, linux_sys_futex, return, EINVAL);
return (EINVAL);
}
retry2: retry2:
error = futex_get(args->uaddr, NULL, &f, flags | FUTEX_DONTLOCK); error = futex_get(args->uaddr, NULL, &f, flags | FUTEX_DONTLOCK);
if (error) { if (error) {
@ -959,9 +964,7 @@ retry2:
return (error); return (error);
} }
if (args->uaddr != args->uaddr2) error = futex_get(args->uaddr2, NULL, &f2, flags | FUTEX_DONTLOCK);
error = futex_get(args->uaddr2, NULL, &f2,
flags | FUTEX_DONTLOCK);
if (error) { if (error) {
futex_put(f, NULL); futex_put(f, NULL);