Justus Winter, le Fri 08 Nov 2013 21:24:16 +0100, a écrit :
> If we have to create a new process group, we have to do this before
> leaving the current one. The current process group is deallocated if
> the process is the last process in that group. Likewise, if the
> current group was the last group in the current groups session, the
> session is deallocated.
>
> Found using the Clang Static Analyzer.
Ack.
> * proc/pgrp.c (S_proc_setpgrp): Fix use-after-free error.
> ---
> proc/pgrp.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/proc/pgrp.c b/proc/pgrp.c
> index d4ea9ee..a828e17 100644
> --- a/proc/pgrp.c
> +++ b/proc/pgrp.c
> @@ -341,8 +341,14 @@ S_proc_setpgrp (struct proc *callerp,
>
> if (p->p_pgrp != pg)
> {
> + /* If we have to create a new pgrp, we have to do this before
> + leaving the current one. p->p_pgrp is deallocated if p is
> + the last process in that group. Likewise, if p->p_pgrp was
> + the last group in p->p_pgrp->pg_session, the session is
> + deallocated. */
> + struct pgrp *new = pg ? pg : new_pgrp (pgid, p->p_pgrp->pg_session);
> leave_pgrp (p);
> - p->p_pgrp = pg ? pg : new_pgrp (pgid, p->p_pgrp->pg_session);
> + p->p_pgrp = new;
> join_pgrp (p);
> }
> else
> --
> 1.7.10.4
>
>
--
Samuel
X-Favorit-Cartoon: Calvin and Hobbes
-+- Mail header of Wim van Dorst -+-
