CVSROOT: /cvs Module name: src Changes by: an...@cvs.openbsd.org 2020/03/04 01:04:48
Modified files:
sys/kern : sysv_shm.c
Log message:
Grab a reference for the shared memory segment before calling uvm_map()
as the same function could end up putting the thread to sleep. Allowing
another thread to free the shared memory segment, which in turns causes
a use-after-free.
With help from and ok millert@ visa@
Reported-by: syzbot+0fc1766671a9461de...@syzkaller.appspotmail.com
