[opensc-devel] OpenCT SIGSEGV mmap - fix

Fri, 25 Apr 2008 04:51:16 -0700 

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210038592 (LWP 2240)]
0xb7e6e5b4 in memset () from /lib/tls/libc.so.6
(gdb) backtrace
#0  0xb7e6e5b4 in memset () from /lib/tls/libc.so.6
#1  0xb7f4c28e in ct_status_alloc_slot (num=0xbffaed24) at status.c:144
#2  0x0804a5ac in main (argc=5, argv=Cannot access memory at address 0x5
) at ifdhandler.c:119


openct/src/ct/status.c:

ct_map_status:

55:         addr = mmap(NULL, *size, prot, MAP_SHARED, fd, 0);
!!! *size == 0

ct_status_alloc_slot:

108:        info = (ct_info_t *) ct_map_status(O_RDWR, &size);
109:        if (info == NULL)
110:                return NULL;

!!! Linux-2.6.x:  info == -1  // (info == MAP_FAILED)
!!! Linux-2.4.x:  info == NULL

143:        memset(&info[*num], 0, sizeof(ct_info_t));
!!! SIGSEGV


http://www.opengroup.org/onlinepubs/000095399/functions/mmap.html :
RETURN VALUE
     Upon successful completion, the mmap() function shall return the
address at which the mapping was placed ( pa); otherwise, it shall
return a value of MAP_FAILED and set errno to indicate the error.


linux/mm/mmap.c: do_mmap_pgoff:

Linux-2.4.36:
414:         if (!len)
415:                 return addr;
http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=blob;f=mm/mmap.c;h=536510a249374f4b1cc0753a0dfb4cb44c741eff;hb=89daf14f822d33ecb1ea5681fd968bd6a46cfc8c#l415

Linux-2.6.25:
917:         if (!len)
918:                 return -EINVAL;
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=mm/mmap.c;h=a32d28ce31cda697aff68fdc6c939560096e3a50;hb=4b119e21d0c66c22e8ca03df05d9de623d0eb50f#l918


diff -u -r openct-0.6.14/src/ct/status.c new/openct-0.6.14/src/ct/status.c
--- openct-0.6.14/src/ct/status.c       2007-05-26 01:11:46.000000000 +0400
+++ new/openct-0.6.14/src/ct/status.c   2007-11-08 14:54:54.000000000 +0300
@@ -53,6 +53,8 @@
                prot |= PROT_WRITE;
 
        addr = mmap(NULL, *size, prot, MAP_SHARED, fd, 0);
+       if (addr == MAP_FAILED)
+               addr = NULL;
 
       done:close(fd);
        return addr;


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to