Module Name: src
Committed By: riz
Date: Fri Feb 8 20:45:50 UTC 2013
Modified Files:
src/sys/compat/netbsd32 [netbsd-6]: netbsd32_execve.c
Log Message:
Pull up following revision(s) (requested by hannken in ticket #793):
sys/compat/netbsd32/netbsd32_execve.c: revision 1.37
netbsd32_posix_spawn_fa_alloc: use the right length for path allocation.
This error lead to memory pool corruption when freeing kmem with wrong size.
To generate a diff of this commit:
cvs rdiff -u -r1.33.2.1 -r1.33.2.2 src/sys/compat/netbsd32/netbsd32_execve.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/netbsd32/netbsd32_execve.c
diff -u src/sys/compat/netbsd32/netbsd32_execve.c:1.33.2.1 src/sys/compat/netbsd32/netbsd32_execve.c:1.33.2.2
--- src/sys/compat/netbsd32/netbsd32_execve.c:1.33.2.1 Thu Apr 12 17:05:38 2012
+++ src/sys/compat/netbsd32/netbsd32_execve.c Fri Feb 8 20:45:50 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_execve.c,v 1.33.2.1 2012/04/12 17:05:38 riz Exp $ */
+/* $NetBSD: netbsd32_execve.c,v 1.33.2.2 2013/02/08 20:45:50 riz Exp $ */
/*
* Copyright (c) 1998, 2001 Matthew R. Green
@@ -28,7 +28,7 @@
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_execve.c,v 1.33.2.1 2012/04/12 17:05:38 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_execve.c,v 1.33.2.2 2013/02/08 20:45:50 riz Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -141,7 +141,7 @@ netbsd32_posix_spawn_fa_alloc(struct pos
MAXPATHLEN, &slen);
if (error)
goto out;
- fae->fae_path = kmem_alloc(fal, KM_SLEEP);
+ fae->fae_path = kmem_alloc(slen, KM_SLEEP);
memcpy(fae->fae_path, pbuf, slen);
fae->fae_oflag = f32->fae_oflag;
fae->fae_mode = f32->fae_mode;
