fork of 9front i guess
4b4070a8b9
the syscallno check in syscallfmt() was wrong. the unsigned syscall number was cast to a signed integer, so negative values would pass the check, provoking bad memory access from the kernel. the check also has an off-by-one: one has to check syscallno >= nsyscalls instead of syscallno > nsyscalls.

access to the p->syscalltrace string was not protected from modification in devproc. you could awake the process and cause it to free the string, giving an opportunity for the kernel to access bad memory. or someone could kill the process (pexit would just free it). now the string is protected by the usual p->debug qlock. we also keep the string around until it is overwritten again or the process exits. this has the nice side effect that one can inspect it after the process crashed.

another problem was that our validaddr() would error() instead of pexiting the current process. the code was changed to only access up->s.args after it was validated and copied instead of accessing the user stack directly. this also prevents a sneaky multithreaded process from changing the arguments under us. in case our validaddr() errors, we cannot assume a valid user stack after the waserror() if block. use up->s.arg[0] for the noted() call to avoid bad access.
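The two defects in the syscall-number check that the commit message describes (a signed cast that lets "negative" numbers through, and `>` where `>=` is needed) are easy to see in isolation. The following is an added, self-contained model of that check; it is not 9front's syscallfmt() or any code from this repository. The `sysnames` table, `nsyscalls`, and the function names `syscallno_ok_old`, `syscallno_ok_new` and `syscallname` are constructed here for illustration.

```c
/* Added example, not 9front code: models the old and fixed bounds check
 * on a syscall number before it is used to index a name table. */
#include <stdio.h>
#include <string.h>

typedef unsigned long ulong;

/* constructed stand-in for the kernel's syscall name table */
static const char *sysnames[] = {
	"sysr1", "exits", "open", "close", "read", "write",
};
static const int nsyscalls = sizeof sysnames / sizeof sysnames[0];

/* the check as the commit describes the old code: the unsigned number is
 * cast to int (so huge values become negative) and compared with '>' (so
 * syscallno == nsyscalls slips through) */
int syscallno_ok_old(ulong syscallno)
{
	if((int)syscallno > nsyscalls)
		return 0;
	return 1;
}

/* the fixed check: compare unsigned, and reject syscallno >= nsyscalls */
int syscallno_ok_new(ulong syscallno)
{
	if(syscallno >= (ulong)nsyscalls)
		return 0;
	return 1;
}

/* look up the name under a given check. returns NULL when the check
 * rejects the number, "<OOB>" when the check let an out-of-range index
 * through (in the kernel this would be the bad memory access), and the
 * table entry otherwise. */
const char *syscallname(ulong syscallno, int (*ok)(ulong))
{
	if(!ok(syscallno))
		return NULL;
	if(syscallno >= (ulong)nsyscalls)
		return "<OOB>";
	return sysnames[syscallno];
}

static void show(const char *label, ulong no, int (*ok)(ulong))
{
	const char *s = syscallname(no, ok);
	printf("%s syscallno=%lu -> %s\n", label, no, s ? s : "rejected");
}

int main(void)
{
	/* in range: both checks agree */
	show("old", 4, syscallno_ok_old);
	show("new", 4, syscallno_ok_new);
	/* off by one: old check indexes one past the table */
	show("old", (ulong)nsyscalls, syscallno_ok_old);
	show("new", (ulong)nsyscalls, syscallno_ok_new);
	/* all-ones: (int) cast makes it -1, which is never > nsyscalls */
	show("old", (ulong)-1, syscallno_ok_old);
	show("new", (ulong)-1, syscallno_ok_new);
	return 0;
}
```

The `(ulong)-1` case is the one the first sentence of the commit message is about: on a two's-complement machine the cast to `int` yields -1, which passes a signed `>` comparison and would then be used as an index far outside the table. Keeping the comparison unsigned removes that whole class of input, and `>=` closes the one-past-the-end slot.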
386
68000
68020
acme
adm/timezone
alpha
amd64
arm
lib
mips
power
power64
rc
sparc
sparc64
sys
.hgignore