d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not dereference linux_to_bsd_signal[-1] if userland has

Browse Source 
passed zero as exit signal.

GCC 4.2 changes the kernel data segment layout not to have 0
in that memory location. This code ran by luck before and now
the luck has run out.
This commit is contained in:
Alexander Kabaev 2007-05-11 01:25:51 +00:00
parent 4b8e42baab
commit ec69a8a6d2
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sys/amd64/linux32/linux32_machdep.c
View File

@ -561,12 +561,13 @@ linux_clone(struct thread *td, struct linux_clone_args *args)
#endif
exit_signal = args->flags & 0x000000ff;
if (!LINUX_SIG_VALID(exit_signal) && exit_signal != 0)
if (LINUX_SIG_VALID(exit_signal)) {
if (exit_signal <= LINUX_SIGTBLSZ)
exit_signal =
linux_to_bsd_signal[_SIG_IDX(exit_signal)];
} else if (exit_signal != 0)
return (EINVAL);
if (exit_signal <= LINUX_SIGTBLSZ)
exit_signal = linux_to_bsd_signal[_SIG_IDX(exit_signal)];
if (args->flags & LINUX_CLONE_VM)
ff |= RFMEM;
if (args->flags & LINUX_CLONE_SIGHAND)

9
sys/i386/linux/linux_machdep.c
View File

@ -400,12 +400,13 @@ linux_clone(struct thread *td, struct linux_clone_args *args)
#endif
exit_signal = args->flags & 0x000000ff;
if (!LINUX_SIG_VALID(exit_signal) && exit_signal != 0)
if (LINUX_SIG_VALID(exit_signal)) {
if (exit_signal <= LINUX_SIGTBLSZ)
exit_signal =
linux_to_bsd_signal[_SIG_IDX(exit_signal)];
} else if (exit_signal != 0)
return (EINVAL);
if (exit_signal <= LINUX_SIGTBLSZ)
exit_signal = linux_to_bsd_signal[_SIG_IDX(exit_signal)];
if (args->flags & LINUX_CLONE_VM)
ff |= RFMEM;
if (args->flags & LINUX_CLONE_SIGHAND)