On Mon, 9 Jun 2003 10:28:33 +0200
[EMAIL PROTECTED] (Ted Lindgreen) wrote:
> However, I guess that mplayer has had this error already, but that
> a change in uthread_close.c as of May 31 has caused this problem
> to show up now.
> In particular: the unprotected usage of a very large value of "fd"
> in "_thread_fd_table[fd]" leads to the segmentation violation.
>
> Previously the systemcall just returned an error without getting
> into a segmentation violation.
> Question:
> shouldn't _close in uthread_close.c do some sanity check on "fd"
> before using it as an array index?
Try the attached patch.
Bye,
Alexander.
--
Intel: where Quality is job number 0.9998782345!
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
Index: lib/libc_r/uthread/uthread_close.c
===================================================================
RCS file: /big/FreeBSD-CVS/src/lib/libc_r/uthread/uthread_close.c,v
retrieving revision 1.15
diff -u -r1.15 uthread_close.c
--- lib/libc_r/uthread/uthread_close.c 31 May 2003 05:23:20 -0000 1.15
+++ lib/libc_r/uthread/uthread_close.c 9 Jun 2003 09:18:50 -0000
@@ -49,7 +49,8 @@
struct stat sb;
struct fd_table_entry *entry;
- if ((fd == _thread_kern_pipe[0]) || (fd == _thread_kern_pipe[1]) ||
+ if ((fd < 0) || (fd >= _thread_dtablesize) ||
+ (fd == _thread_kern_pipe[0]) || (fd == _thread_kern_pipe[1]) ||
(_thread_fd_table[fd] == NULL)) {
/*
* Don't allow silly programs to close the kernel pipe
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
