Hi, in the exec_script_makecmds function, when the EXEC_HASFD flag is set but copystr/copyinstr returns an error, we need to set *tmpsap to NULL so that the loop under the "fail" label terminates correctly.
Index: sys/kern/exec_script.c
===================================================================
RCS file: /cvs/src/sys/kern/exec_script.c,v
retrieving revision 1.36
diff -u -p -r1.36 exec_script.c
--- sys/kern/exec_script.c 10 Sep 2015 18:10:35 -0000 1.36
+++ sys/kern/exec_script.c 13 Dec 2015 18:33:53 -0000
@@ -222,8 +222,10 @@ check_shell:
 #endif
 error = copyinstr(epp->ep_name, *tmpsap++, MAXPATHLEN, NULL);
- if (error != 0)
+ if (error != 0) {
+ *tmpsap = NULL;
 goto fail;
+ }
 } else
 snprintf(*tmpsap++, MAXPATHLEN, "/dev/fd/%d", epp->ep_fd);
 *tmpsap = NULL;
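Review bot: The list terminator is now written in two places, the new error branch and the existing `*tmpsap = NULL;` after the if/else, so the cleanup under `fail` stays correct only as long as every other `goto fail` also remembers it. Because `*tmpsap++` has already advanced the pointer when copyinstr returns, the slot being cleared is the one after the path buffer; a short comment above the new assignment, such as `/* terminate the vector: the cleanup at fail walks it until NULL */`, would record that intent. If the pointer array is not zeroed when it is allocated (that code, the start of the function and the `fail` label are all outside this hunk), zeroing it there or writing the terminator before the copy would cover every error path at once and keep the cleanup loop from reading an uninitialized slot.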