Date: Sun, 3 Dec 1995 16:44:37 +0100 From: nox@jelal.hb.north.de To: FreeBSD-gnats-submit@freebsd.org Subject: kern/865: bogus shmdt(2) call -> page fault Message-ID: <200012031544.QAA01012@saturn> Resent-Message-ID: <199512040200.SAA13956@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 865
>Category: kern
>Synopsis: bogus shmdt(2) call can crash system
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Dec 3 18:00:08 PST 1995
>Last-Modified:
>Originator: Juergen Lock
>Organization:
Orga-what? :)
>Release: FreeBSD 2.0-BUILT-19950603 i386
>Environment:
2.1.0 kernel (rest partly 2.0.5...)
>Description:
>How-To-Repeat:
#include <sys/shm.h>
main () {
shmdt(0);
}
>Fix:
Index: sys/kern/sysv_shm.c
@@ -173,6 +173,8 @@
int i;
shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm;
+ if (shmmap_s == NULL)
+ return EINVAL;
for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
if (shmmap_s->shmid != -1 &&
shmmap_s->va == (vm_offset_t)uap->shmaddr)
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012031544.QAA01012>