Module Name: src Committed By: riz Date: Fri Feb 8 20:45:50 UTC 2013
Modified Files: src/sys/compat/netbsd32 [netbsd-6]: netbsd32_execve.c Log Message: Pull up following revision(s) (requested by hannken in ticket #793): sys/compat/netbsd32/netbsd32_execve.c: revision 1.37 netbsd32_posix_spawn_fa_alloc: use the right length for path allocation. This error lead to memory pool corruption when freeing kmem with wrong size. To generate a diff of this commit: cvs rdiff -u -r1.33.2.1 -r1.33.2.2 src/sys/compat/netbsd32/netbsd32_execve.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/compat/netbsd32/netbsd32_execve.c diff -u src/sys/compat/netbsd32/netbsd32_execve.c:1.33.2.1 src/sys/compat/netbsd32/netbsd32_execve.c:1.33.2.2 --- src/sys/compat/netbsd32/netbsd32_execve.c:1.33.2.1 Thu Apr 12 17:05:38 2012 +++ src/sys/compat/netbsd32/netbsd32_execve.c Fri Feb 8 20:45:50 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: netbsd32_execve.c,v 1.33.2.1 2012/04/12 17:05:38 riz Exp $ */ +/* $NetBSD: netbsd32_execve.c,v 1.33.2.2 2013/02/08 20:45:50 riz Exp $ */ /* * Copyright (c) 1998, 2001 Matthew R. Green @@ -28,7 +28,7 @@ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: netbsd32_execve.c,v 1.33.2.1 2012/04/12 17:05:38 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: netbsd32_execve.c,v 1.33.2.2 2013/02/08 20:45:50 riz Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -141,7 +141,7 @@ netbsd32_posix_spawn_fa_alloc(struct pos MAXPATHLEN, &slen); if (error) goto out; - fae->fae_path = kmem_alloc(fal, KM_SLEEP); + fae->fae_path = kmem_alloc(slen, KM_SLEEP); memcpy(fae->fae_path, pbuf, slen); fae->fae_oflag = f32->fae_oflag; fae->fae_mode = f32->fae_mode;