* Re: [9fans] 9vx frogs
2008-06-27 16:45 [9fans] 9vx frogs Anthony Martin
@ 2008-06-27 17:10 ` Russ Cox
0 siblings, 0 replies; 2+ messages in thread
From: Russ Cox @ 2008-06-27 17:10 UTC (permalink / raw)
To: 9fans
> Trying to exec a filename with frogs in it causes the first
> validnamedup() in sysexec to throw an error. The waserror
> branch then tries to free(file) causing an invalid pointer
> in munmap_chunk.
>
> I can provide a trace if necessary but I think it's just
> a matter of not trying to free "file" before it becomes
> a heap address from the dup.
Thanks, perfect summary.
The fix is below. I'm not going to bother packing up
a new version yet, and I don't have a public repository
yet either.
Russ
--- a/src/9vx/a/sysproc.c
+++ b/src/9vx/a/sysproc.c
@@ -219,7 +219,7 @@ long
long
sysexec(ulong *arg)
{
- char *volatile elem, *volatile file;
+ char *volatile elem, *volatile file, *ufile;
Chan *volatile tc;
/*
@@ -238,8 +238,8 @@ sysexec(ulong *arg)
nexterror();
}
- file = uvalidaddr(arg[0], 1, 0);
- file = validnamedup(file, 1);
+ ufile = uvalidaddr(arg[0], 1, 0);
+ file = validnamedup(ufile, 1);
tc = namec(file, Aopen, OEXEC, 0);
kstrdup((char**)&elem, up->genbuf);
^ permalink raw reply [flat|nested] 2+ messages in thread