Page MenuHomeFreeBSD
Differential D23694

sysv_sem: fix the loop that compacts sem array on semaphores removal.
ClosedPublic
Actions

Authored by kib on Feb 15 2020, 11:11 AM.
Tags
None
Referenced Files
F154217527: D23694.id.diff
Mon, Apr 27, 5:00 AM
Unknown Object (File)
Fri, Apr 24, 3:09 PM
Unknown Object (File)
Tue, Apr 21, 2:03 PM
Unknown Object (File)
Mon, Apr 20, 3:29 PM
Unknown Object (File)
Mon, Apr 13, 10:22 PM
Unknown Object (File)
Mon, Apr 13, 1:46 PM
Unknown Object (File)
Sun, Apr 12, 2:32 AM
Unknown Object (File)
Wed, Apr 8, 12:50 PM
View All 74 Files
Subscribers
imp
pho

Details

Reviewers
markj
Commits
rS357984: sem_remove(): fix the loop that compacts sem array on semaphores removal.
rS357983: sem_remove(): add some asserts.
rS357982: Use designated initializers for seminfo.
Summary

As written now, it copies random kernel memory from beyond the bounds of the array.

While there, use designated initialisers for seminfo, and add assert in sem_remove() that sema is sane. [These will be separate commits].

Reported and tested by: pho

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
kern/
18 lines

Diff 68378

View Options

head/sys/kern/sysv_sem.c

Loading...