theres a bug in devproc again.
the fd is not bounds checked for the "close fd"
procctl command and the "closefiles" command misses
the last fd as it iterates from:
fd=0 to maxfd-1 and not to maxfd in procctlclosefiles()
static void
procctlcloseone(Proc *p, Fgrp *f, int fd)
{
Chan *c;
c = f->fd[fd]; // <-- not checked
if(c == nil)
return;
f->fd[fd] = nil;
unlock(f);
qunlock(&p->debug);
cclose(c);
qlock(&p->debug);
lock(f);
}
procctlclosefiles(Proc *p, int all, int fd)
{
int i;
Fgrp *f;
f = p->fgrp;
if(f == nil)
error(Eprocdied);
lock(f);
f->ref++;
if(all)
for(i = 0; i < f->maxfd; i++) // <-- wrong
procctlcloseone(p, f, i);
else
procctlcloseone(p, f, fd);
unlock(f);
closefgrp(f);
}
...
case CMclose:
procctlclosefiles(p, 0, atoi(cb->f[1])); // <-- fd can
be anything
break;
case CMclosefiles:
procctlclosefiles(p, 1, 0);
break;
--
cinap
