From patchwork Sun Mar 20 21:19:45 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 64104 Delivered-To: patch@linaro.org Received: by 10.112.199.169 with SMTP id jl9csp1070074lbc; Sun, 20 Mar 2016 14:20:12 -0700 (PDT) X-Received: by 10.66.145.68 with SMTP id ss4mr40500747pab.79.1458508812586; Sun, 20 Mar 2016 14:20:12 -0700 (PDT) Return-Path: Received: from sourceware.org (server1.sourceware.org. [209.132.180.131]) by mx.google.com with ESMTPS id 79si20046386pfo.227.2016.03.20.14.20.12 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 20 Mar 2016 14:20:12 -0700 (PDT) Received-SPF: pass (google.com: domain of libc-alpha-return-68235-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libc-alpha-return-68235-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) smtp.mailfrom=libc-alpha-return-68235-patch=linaro.org@sourceware.org; dkim=pass header.i=@sourceware.org DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id; q=dns; s= default; b=ZWRoz2y+HtzvTQljsSYcg8GvYHIpz52xx+FrGD9FWUGTdfPPHcnvQ nourWDBS9VUztKofuk/v0GLe9pT3v+EPdBUWtGfTFlavmiWZ4ZbYopZ//MxBxh8r OHgfJicWncrX2Dy+ANk/CsrWVK5ApX2RwXaIwUE/W51g3hIllkhkiY= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id; s=default; bh=1OOKVbHPVJ4WnlavqhPWbulTCGo=; b=J88tdtrL8KufhAPb5+qnP/SPi/Fq 0DB9U0W3JrhHdh287LMOqGDe8iVZFe1NO9lO2UyMnUceTfmr/seQxHxujs9Rv1QL 7TG85qTcbS2iq/zZNbZkOh/R1YRTECOGseCaBOm/otZWvBu+NGTHsjg/0J5gHiZV ibC97qQGm6UqhB8= Received: (qmail 105301 invoked by alias); 20 Mar 2016 21:19:57 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 105288 invoked by uid 89); 20 Mar 2016 21:19:56 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, SPF_PASS autolearn=ham version=3.3.2 spammy=COMMITTED, ec, adhemerval.zanella@linaro.org, 2576 X-HELO: mail-yw0-f171.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id; bh=+Yn7gqXiOm2v7o87seIogv/ESyaX81ClVC6F/tn3P5A=; b=l5+cTtKwZlis0VdW9z66yW24QIaAA+oQ0p/TbmHL7SEy2j/OjSMweNyvf+g243mMlB EFmvHJO8eiFvhR4qrXan8IRFumPJneOOOMwmB6rx3ovdTPifs8D/oFdn/F/wLvq3s6KL XF0sjdcXIz5Gf5Z8SlDOD/CI+TrkcWPMU2dxuKzHsbPbUEzI1CDpprSCXBd6z2jCnAvD DHDEsw7HVVZOisvg3B1e/5JATUUt3fbXEMlD8rqKddBw1eOTAUa0zTcFPdq67YViMMIm 397P4lxaBFo0W57IKTAycUkCXAtG4zZjHMV8d3gBvCer476P5G5uvaoFTWW0eDuYBuvh dJVw== X-Gm-Message-State: AD7BkJLyMmpk/lv0vINUxi+6TJO33L1s7GN6gOI/Rcakqe7zJd7JBQsgFfPvjYvUj64mnJVD X-Received: by 10.129.72.17 with SMTP id v17mr14157550ywa.228.1458508793448; Sun, 20 Mar 2016 14:19:53 -0700 (PDT) From: Adhemerval Zanella X-Google-Original-From: Adhemerval Zanella To: libc-alpha@sourceware.org Subject: [COMMITTED] [PATCH] posix: Fix posix_spawn invalid memory access Date: Sun, 20 Mar 2016 18:19:45 -0300 Message-Id: <1458508785-31315-1-git-send-email-adhemerval.zanella@linaro.com> Current Linux posix_spawn spawn do not test if the pid argument is valid before trying to update it for success case. This patch fixes it. Tested on x86_64 and i686. * sysdeps/unix/sysv/linux/spawni.c (__spawnix): Fix invalid memory access where posix_spawn success and pid argument is null. * posix/tst-spawn.c (do_test): Add posix_spawn null pid argument for success case. --- ChangeLog | 7 +++++++ posix/tst-spawn.c | 4 ++++ sysdeps/unix/sysv/linux/spawni.c | 2 +- 3 files changed, 12 insertions(+), 1 deletion(-) -- 1.9.1 diff --git a/ChangeLog b/ChangeLog index ceee215..6bd5a11 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2016-03-20 Adhemerval Zanella + + * sysdeps/unix/sysv/linux/spawni.c (__spawnix): Fix invalid memory + access where posix_spawn success and pid argument is null. + * posix/tst-spawn.c (do_test): Add posix_spawn null pid argument for + success case. + 2016-03-20 Samuel Thibault : * sysdeps/mach/hurd/i386/c++-types.data: New file. diff --git a/posix/tst-spawn.c b/posix/tst-spawn.c index 68f4357..c046098 100644 --- a/posix/tst-spawn.c +++ b/posix/tst-spawn.c @@ -257,6 +257,10 @@ do_test (int argc, char *argv[]) if (posix_spawn (&pid, argv[1], &actions, NULL, spargv, environ) != 0) error (EXIT_FAILURE, errno, "posix_spawn"); + /* Same test but with a NULL pid argument. */ + if (posix_spawn (NULL, argv[1], &actions, NULL, spargv, environ) != 0) + error (EXIT_FAILURE, errno, "posix_spawn"); + /* Cleanup. */ if (posix_spawn_file_actions_destroy (&actions) != 0) error (EXIT_FAILURE, errno, "posix_spawn_file_actions_destroy"); diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c index 454462b..cb80cea 100644 --- a/sysdeps/unix/sysv/linux/spawni.c +++ b/sysdeps/unix/sysv/linux/spawni.c @@ -381,7 +381,7 @@ __spawnix (pid_t * pid, const char *file, close_not_cancel (args.pipe[0]); - if (!ec && new_pid) + if (!ec && pid) *pid = new_pid; __sigprocmask (SIG_SETMASK, &args.oldmask, 0);