This is an automated email from the ASF dual-hosted git repository.

archer pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git

commit 0e5cb896c44bc9b602f2e7199a23983f0819f744
Author: buxiasen <buxia...@xiaomi.com>
AuthorDate: Fri Feb 21 19:00:35 2025 +0800

    binfmt/copyaction: fix prev->flink did not use from kmalloc.
    
    We should not modify the input actions: in a kernel build this causes a
    userspace posix_spawn call to touch a kernel address.
    
    Signed-off-by: buxiasen <buxia...@xiaomi.com>
---
 binfmt/binfmt_copyactions.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/binfmt/binfmt_copyactions.c b/binfmt/binfmt_copyactions.c
index b87d4c7946..715dcbdc75 100644
--- a/binfmt/binfmt_copyactions.c
+++ b/binfmt/binfmt_copyactions.c
@@ -109,7 +109,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t 
**copy,
     }
 
   for (entry = (FAR struct spawn_general_file_action_s *)actions,
-       prev = NULL; entry != NULL; prev = entry, entry = entry->flink)
+       prev = NULL; entry != NULL; entry = entry->flink)
     {
       switch (entry->action)
         {
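Review bot: The loop header `prev = NULL; entry != NULL; entry = entry->flink` no longer advances `prev`, so every `case` now has to set it itself, and nothing in the code states that rule. A comment above the loop such as `/* prev is the last node written to the copy; each case must update it, and it must never point into the caller's list */` would stop a later action type from skipping the update, or a cleanup from restoring `prev = entry`. The loop body continues outside this hunk, so whether every case (including any default) keeps this invariant is not visible here.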
@@ -122,6 +122,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t 
**copy,
                 prev->flink = (FAR void *)close;
               }
 
+            prev   = (FAR void *)close;
             buffer = close + 1;
             break;
 
@@ -134,6 +135,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t 
**copy,
                 prev->flink = (FAR void *)dup2;
               }
 
+            prev   = (FAR void *)dup2;
             buffer = dup2 + 1;
             break;
 
@@ -149,6 +151,7 @@ int binfmt_copyactions(FAR const posix_spawn_file_actions_t 
**copy,
 
             strcpy(open->path, tmp->path);
 
+            prev   = (FAR void *)open;
             buffer = (FAR char *)buffer +
                      ALIGN_UP(SIZEOF_OPEN_FILE_ACTION_S(strlen(tmp->path)),
                               sizeof(FAR void *));
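Review bot: `tmp->path` is read twice in this case, by `strcpy(open->path, tmp->path)` and again by `strlen(tmp->path)` when `buffer` is advanced, and the commit message says the input actions can come from userspace in a kernel build. If the allocation was sized from an earlier `strlen` of the same string (the sizing code is outside this hunk, so this is inferred), a path that changes between those reads can make the copy longer than the space reserved for it. Take the length once and reuse it for both the copy and the advance, e.g. `len = strlen(tmp->path);` then `memcpy(open->path, tmp->path, len); open->path[len] = '\0';`, passing the same `len` to `SIZEOF_OPEN_FILE_ACTION_S`. Also check that length against the bytes remaining in the allocation before writing. The `case` body starts above this hunk.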
