[9fans] 9vx frogs - Plan9

This is a discussion on [9fans] 9vx frogs - Plan9 ; Trying to exec a filename with frogs in it causes the first validnamedup() in sysexec to throw an error. The waserror branch then tries to free(file) causing an invalid pointer in munmap_chunk. I can provide a trace if necessary but ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [9fans] 9vx frogs

  1. [9fans] 9vx frogs

    Trying to exec a filename with frogs in it causes the first
    validnamedup() in sysexec to throw an error. The waserror
    branch then tries to free(file) causing an invalid pointer
    in munmap_chunk.

    I can provide a trace if necessary but I think it's just
    a matter of not trying to free "file" before it becomes
    a heap address from the dup.

    Anthony


  2. Re: [9fans] 9vx frogs

    > Trying to exec a filename with frogs in it causes the first
    > validnamedup() in sysexec to throw an error. The waserror
    > branch then tries to free(file) causing an invalid pointer
    > in munmap_chunk.
    >
    > I can provide a trace if necessary but I think it's just
    > a matter of not trying to free "file" before it becomes
    > a heap address from the dup.


    Thanks, perfect summary.
    The fix is below. I'm not going to bother packing up
    a new version yet, and I don't have a public repository
    yet either.

    Russ

    --- a/src/9vx/a/sysproc.c
    +++ b/src/9vx/a/sysproc.c
    @@ -219,7 +219,7 @@ long
    long
    sysexec(ulong *arg)
    {
    - char *volatile elem, *volatile file;
    + char *volatile elem, *volatile file, *ufile;
    Chan *volatile tc;

    /*
    @@ -238,8 +238,8 @@ sysexec(ulong *arg)
    nexterror();
    }

    - file = uvalidaddr(arg[0], 1, 0);
    - file = validnamedup(file, 1);
    + ufile = uvalidaddr(arg[0], 1, 0);
    + file = validnamedup(ufile, 1);
    tc = namec(file, Aopen, OEXEC, 0);
    kstrdup((char**)&elem, up->genbuf);




+ Reply to Thread