binfmt/copyaction: fix prev->flink did not use from kmalloc.

We should not modify the input actions: doing so causes, in a kernel build,
a userspace call to posix_spawn to touch a kernel address.

Signed-off-by: buxiasen <buxiasen@xiaomi.com>
buxiasen 2025-02-21 19:00:35 +08:00 committed by archer
parent 17a80e90bd
commit 0e5cb896c4


@ -109,7 +109,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t **copy,
}
for (entry = (FAR struct spawn_general_file_action_s *)actions,
prev = NULL; entry != NULL; prev = entry, entry = entry->flink)
prev = NULL; entry != NULL; entry = entry->flink)
{
switch (entry->action)
{
@ -122,6 +122,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t **copy,
prev->flink = (FAR void *)close;
}
prev = (FAR void *)close;
buffer = close + 1;
break;
@ -134,6 +135,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t **copy,
prev->flink = (FAR void *)dup2;
}
prev = (FAR void *)dup2;
buffer = dup2 + 1;
break;
@ -149,6 +151,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t **copy,
strcpy(open->path, tmp->path);
prev = (FAR void *)open;
buffer = (FAR char *)buffer +
ALIGN_UP(SIZEOF_OPEN_FILE_ACTION_S(strlen(tmp->path)),
sizeof(FAR void *));
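Review bot: In the open-action case, `strcpy(open->path, tmp->path)` is an unbounded copy from the caller's action list, and the buffer advance calls `strlen(tmp->path)` on the same caller-owned string a second time. The sizing of the allocation is outside this hunk, but if it came from an earlier walk over the same list, then in a kernel build, where the commit message says the actions come from userspace, a path that grows between the reads would let the copy run past the kmalloc'd block. I would take the length once, bound it by the space left in the allocation, and reuse that value for the copy and the advance, e.g. `len = strnlen(tmp->path, remaining); memcpy(open->path, tmp->path, len); open->path[len] = '\0';`, where `remaining` is a placeholder for the bytes still free (leaving room for the terminator). The body of binfmt_copyactions starts and ends outside the hunk, so the size computation should be checked there.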