bug-hurd

Re: [PATCH 08/14] proc: fix a use-after-free error


From: Samuel Thibault
Subject: Re: [PATCH 08/14] proc: fix a use-after-free error
Date: Sat, 9 Nov 2013 19:12:31 +0100
User-agent: Mutt/1.5.21+34 (58baf7c9f32f) (2010-12-30)

Justus Winter, on Fri 08 Nov 2013 21:24:16 +0100, wrote:
> If we have to create a new process group, we have to do this before
> leaving the current one. The current process group is deallocated if
> the process is the last process in that group. Likewise, if the
> current group was the last group in the current group's session, the
> session is deallocated.
> 
> Found using the Clang Static Analyzer.

Ack.

> * proc/pgrp.c (S_proc_setpgrp): Fix use-after-free error.
> ---
>  proc/pgrp.c |    8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/proc/pgrp.c b/proc/pgrp.c
> index d4ea9ee..a828e17 100644
> --- a/proc/pgrp.c
> +++ b/proc/pgrp.c
> @@ -341,8 +341,14 @@ S_proc_setpgrp (struct proc *callerp,
>  
>    if (p->p_pgrp != pg)
>      {
> +      /* If we have to create a new pgrp, we have to do this before
> +      leaving the current one.  p->p_pgrp is deallocated if p is
> +      the last process in that group.  Likewise, if p->p_pgrp was
> +      the last group in p->p_pgrp->pg_session, the session is
> +      deallocated.  */
> +      struct pgrp *new = pg ? pg : new_pgrp (pgid, p->p_pgrp->pg_session);
>        leave_pgrp (p);
> -      p->p_pgrp = pg ? pg : new_pgrp (pgid, p->p_pgrp->pg_session);
> +      p->p_pgrp = new;
>        join_pgrp (p);
>      }
>    else
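
Review bot: The new comment above `struct pgrp *new = ...` explains why the old order was wrong, but not what the new order depends on: the session read through `p->p_pgrp->pg_session` only stays valid across `leave_pgrp (p)` if `new_pgrp` has already attached the new group to it, and the comment should say so in one sentence so that a later cleanup does not move the `new_pgrp` call back below `leave_pgrp`. The result of `new_pgrp` is also used unchecked; if it can fail, `p` has already left its old group by the time `p->p_pgrp = new` and `join_pgrp (p)` run, so it is worth confirming that it cannot, or bailing out before `leave_pgrp (p)`. Minor style point: the continuation lines of the comment should be indented to line up under "If", three columns further right.
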
> -- 
> 1.7.10.4
> 
> 

-- 
Samuel
X-Favorit-Cartoon: Calvin and Hobbes
 -+- Mail header of Wim van Dorst -+-


