Date:      Fri, 22 Mar 1996 15:33:06 -0500
From:      Stephane Russell <stef@stef.prod.com>
Message-ID:  <199603222033.PAA00509@stef.prod.com>

BUG REPORT
----------

- File: src/gnu/usr.bin/ld/rtld.c

- Function: unmaphints

	The function maphints maps the hint file two times if the size of the hint file
is bigger than PAGSIZ:

>	hsize = PAGSIZ;
>	addr = mmap(0, hsize, PROT_READ, MAP_COPY, hfd, 0);

then

>	if (hheader->hh_ehints > hsize) {
>		if (mmap(addr+hsize, hheader->hh_ehints - hsize,
>				PROT_READ, MAP_COPY|MAP_FIXED,
>				hfd, hsize) != (caddr_t)(addr+hsize)) {
>
>			munmap((caddr_t)hheader, hsize);
>			close(hfd);
>			hheader = (struct hints_header *)-1;
>			return;
>		}

The function unmaphints forgets to unmap the second part, if necessary:

> static void
> unmaphints()
> {
>
>	if (HINTS_VALID) {
>		munmap((caddr_t)hheader, hsize);
>		close(hfd);
>		hheader = NULL;
>	}
> }

As you can see, if the hint file grows bigger than PAGSIZ, this can lead to problems.

							Stef
							102556,543@compuserve.com

Note: There is probably no e-mail address indicated on top of the letter. If you
      need to communicate with me, use the address just above this note.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199603222033.PAA00509>