From mboxrd@z Thu Jan 1 00:00:00 1970 To: 9fans@9fans.net Subject: Re: [9fans] 9vx frogs From: "Russ Cox" Date: Fri, 27 Jun 2008 13:10:06 -0400 In-Reply-To: <20080627164555.GA20301@dinah> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Message-Id: <20080627170811.1910B1E8C35@holo.morphisms.net> Topicbox-Message-UUID: c8cbc344-ead3-11e9-9d60-3106f5b1d025 > Trying to exec a filename with frogs in it causes the first > validnamedup() in sysexec to throw an error. The waserror > branch then tries to free(file) causing an invalid pointer > in munmap_chunk. > > I can provide a trace if necessary but I think it's just > a matter of not trying to free "file" before it becomes > a heap address from the dup. Thanks, perfect summary. The fix is below. I'm not going to bother packing up a new version yet, and I don't have a public repository yet either. Russ --- a/src/9vx/a/sysproc.c +++ b/src/9vx/a/sysproc.c @@ -219,7 +219,7 @@ long long sysexec(ulong *arg) { - char *volatile elem, *volatile file; + char *volatile elem, *volatile file, *ufile; Chan *volatile tc; /* @@ -238,8 +238,8 @@ sysexec(ulong *arg) nexterror(); } - file = uvalidaddr(arg[0], 1, 0); - file = validnamedup(file, 1); + ufile = uvalidaddr(arg[0], 1, 0); + file = validnamedup(ufile, 1); tc = namec(file, Aopen, OEXEC, 0); kstrdup((char**)&elem, up->genbuf);