From 2a69f853c03034c2e383e0f9c35b5402ce8b5473 Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Date: Sun, 20 Mar 2016 17:35:24 -0300 Subject: [PATCH] posix: Fix posix_spawn invalid memory access Current Linux posix_spawn spawn do not test if the pid argument is valid before trying to update it for success case. This patch fixes it. Tested on x86_64 and i686. * sysdeps/unix/sysv/linux/spawni.c (__spawnix): Fix invalid memory access where posix_spawn success and pid argument is null. * posix/tst-spawn.c (do_test): Add posix_spawn null pid argument for success case. --- ChangeLog | 7 +++++++ posix/tst-spawn.c | 4 ++++ sysdeps/unix/sysv/linux/spawni.c | 2 +- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ceee215e3e..6bd5a11769 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2016-03-20 Adhemerval Zanella + + * sysdeps/unix/sysv/linux/spawni.c (__spawnix): Fix invalid memory + access where posix_spawn success and pid argument is null. + * posix/tst-spawn.c (do_test): Add posix_spawn null pid argument for + success case. + 2016-03-20 Samuel Thibault : * sysdeps/mach/hurd/i386/c++-types.data: New file. diff --git a/posix/tst-spawn.c b/posix/tst-spawn.c index 68f435789f..c04609864e 100644 --- a/posix/tst-spawn.c +++ b/posix/tst-spawn.c @@ -257,6 +257,10 @@ do_test (int argc, char *argv[]) if (posix_spawn (&pid, argv[1], &actions, NULL, spargv, environ) != 0) error (EXIT_FAILURE, errno, "posix_spawn"); + /* Same test but with a NULL pid argument. */ + if (posix_spawn (NULL, argv[1], &actions, NULL, spargv, environ) != 0) + error (EXIT_FAILURE, errno, "posix_spawn"); + /* Cleanup. */ if (posix_spawn_file_actions_destroy (&actions) != 0) error (EXIT_FAILURE, errno, "posix_spawn_file_actions_destroy"); diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c index 454462be47..cb80cea00f 100644 --- a/sysdeps/unix/sysv/linux/spawni.c +++ b/sysdeps/unix/sysv/linux/spawni.c @@ -381,7 +381,7 @@ __spawnix (pid_t * pid, const char *file, close_not_cancel (args.pipe[0]); - if (!ec && new_pid) + if (!ec && pid) *pid = new_pid; __sigprocmask (SIG_SETMASK, &args.oldmask, 0); -- 2.43.5