]> CyberLeo.Net >> Repos - FreeBSD/stable/10.git/commit
projects / FreeBSD / stable / 10.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 39b5671) | patch
MFC r294565: sem: Don't free nameinfo that is still in list when open()
authorjilles <jilles@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Wed, 27 Jan 2016 22:56:04 +0000 (22:56 +0000)
committerjilles <jilles@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Wed, 27 Jan 2016 22:56:04 +0000 (22:56 +0000)
commit40c50899af97120a73d04251c9a52fe5786aaa31
tree6566abe70454f4bb516d4bc56029438a4af29a18tree | snapshot
parent39b56714f85575e53134095aa0093866fdd5e225commit | diff
MFC r294565: sem: Don't free nameinfo that is still in list when open()
fails.

This bug could be reproduced easily by calling sem_open() with O_CREAT |
O_EXCL on a semaphore that is already open in the process. The struct
sem_nameinfo would be freed while still in sem_list and later calls to
sem_open() or sem_close() could access freed memory.

PR: 206396

git-svn-id: svn://svn.freebsd.org/base/stable/10@294963 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
lib/libc/gen/sem_new.c diff | blob | history
tools/regression/posixsem2/semtest.c diff | blob | history
10-STABLE