Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-05-21 21:34:07 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

binfmt/copyaction: fix prev->flink did not use from kmalloc.

Browse Source 
We should not modify the input actions, casing when kernel build,
userspace call posix_spawn touch kernel address.

Signed-off-by: buxiasen <buxiasen@xiaomi.com>
This commit is contained in:
buxiasen
2025-02-21 19:00:35 +08:00
committed by archer
parent 17a80e90bd
commit 0e5cb896c4
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
binfmt/binfmt_copyactions.c
+4 -1
View File
@@ -109,7 +109,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t **copy,
}
for (entry = (FAR struct spawn_general_file_action_s *)actions,
prev = NULL; entry != NULL; prev = entry, entry = entry->flink)
prev = NULL; entry != NULL; entry = entry->flink)
{
switch (entry->action)
{
@@ -122,6 +122,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t **copy,
prev->flink = (FAR void *)close;
}
prev = (FAR void *)close;
buffer = close + 1;
break;
@@ -134,6 +135,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t **copy,
prev->flink = (FAR void *)dup2;
}
prev = (FAR void *)dup2;
buffer = dup2 + 1;
break;
@@ -149,6 +151,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t **copy,
strcpy(open->path, tmp->path);
prev = (FAR void *)open;
buffer = (FAR char *)buffer +
ALIGN_UP(SIZEOF_OPEN_FILE_ACTION_S(strlen(tmp->path)),
sizeof(FAR void *));