Date:      Mon, 8 May 2017 10:51:30 +0000 (UTC)
From:      Dmitry Chagin <dchagin@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r317936 - stable/11/sys/compat/linux
Message-ID:  <201705081051.v48ApUKi083436@repo.freebsd.org>

Author: dchagin
Date: Mon May  8 10:51:30 2017
New Revision: 317936
URL: https://svnweb.freebsd.org/changeset/base/317936

Log:
  MFC r317645:
  
  Fix NULL pointer dereference in futex_wake_op() in the case when the same
  address is specified for arguments uaddr and uaddr2.
  
  PR:		218987

Modified:
  stable/11/sys/compat/linux/linux_futex.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/compat/linux/linux_futex.c
==============================================================================
--- stable/11/sys/compat/linux/linux_futex.c	Mon May  8 09:14:41 2017	(r317935)
+++ stable/11/sys/compat/linux/linux_futex.c	Mon May  8 10:51:30 2017	(r317936)
@@ -952,6 +952,11 @@ retry1:
 		    args->uaddr, args->val, args->uaddr2, args->val3,
 		    args->timeout);
 
+		if (args->uaddr == args->uaddr2) {
+			LIN_SDT_PROBE1(futex, linux_sys_futex, return, EINVAL);
+			return (EINVAL);
+		}
+
 retry2:
 		error = futex_get(args->uaddr, NULL, &f, flags | FUTEX_DONTLOCK);
 		if (error) {
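Review bot: The added `if (args->uaddr == args->uaddr2)` block returns EINVAL with no comment explaining why equal addresses are rejected. A short comment above the `if`, noting that the code after `retry2:` needs two distinct futexes and citing PR 218987, would keep a later cleanup from removing it. Placing the check before the `retry2:` label is right, since the comparison does not need repeating on a retry.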
@@ -959,9 +964,7 @@ retry2:
 			return (error);
 		}
 
-		if (args->uaddr != args->uaddr2)
-			error = futex_get(args->uaddr2, NULL, &f2,
-			    flags | FUTEX_DONTLOCK);
+		error = futex_get(args->uaddr2, NULL, &f2, flags | FUTEX_DONTLOCK);
 		if (error) {
 			futex_put(f, NULL);
 
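Review bot: The added line `error = futex_get(args->uaddr2, NULL, &f2, flags | FUTEX_DONTLOCK);` runs past 80 columns at two tabs of indent, while the removed version wrapped the call after `&f2,`. Keep that wrap with the continuation line indented four spaces, as the deleted lines had it. With the `!=` guard gone, the second lookup is now unconditional and relies entirely on the early EINVAL return in the previous hunk, so the two changes should stay together in any further merge.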


