picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Never call unmap with MAP_FAILED. (#5590) 

When mmap is called, the code in correctly checks for p == MAP_FAILED.

But the resource cleanup at the end of busname_peek_message checks for
p == NULL, and if that's not true, munmap is called.

Therefore in error case, munmap is called with a MAP_FAILED argument
which can result in unexpected behaviour depending on sz's value.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
This commit is contained in:
Tobias Stoeckmann 2017-03-14 22:33:22 +01:00 committed by Zbigniew Jędrzejewski-Szmek
parent 6f94e420e8
commit ff8017c4a2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/busname.c
View File

@ -764,7 +764,7 @@ static int busname_peek_message(BusName *n) {
struct kdbus_item *d;
struct kdbus_msg *k;
size_t start, ps, sz, delta;
void *p = NULL;
void *p = MAP_FAILED;
pid_t pid = 0;
int r;
@ -825,7 +825,7 @@ static int busname_peek_message(BusName *n) {
r = 0;
finish:
if (p)
if (p != MAP_FAILED)
(void) munmap(p, sz);
cmd_free.offset = cmd_recv.msg.offset;