ref: 0cdb32cc18b953fd22e86ba6fc6e24787f254576
parent: 269788514c9dae931ed6ac537786e56cabe44296
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Feb 2 10:11:19 EST 2014
kernel: fix bogus free in sysexec. we free the wrong pointer in the waserror() block.
--- a/sys/src/9/port/sysproc.c
+++ b/sys/src/9/port/sysproc.c
@@ -251,8 +251,7 @@
Image *img;
Tos *tos;
- a = nil;
- elem = nil;
+ args = elem = nil;
file0 = va_arg(list, char*);
validaddr((uintptr)file0, 1, 0);
argp0 = va_arg(list, char**);
@@ -260,7 +259,7 @@
if(waserror()){free(file0);
free(elem);
- free(a);
+ free(args);
/* Disaster after commit */
if(!up->seg[SSEG])
pexit(up->errstr, 1);
@@ -396,7 +395,7 @@
argv = (char**)(tstk - ssize);
charp = (char*)(tstk - nbytes);
- args = charp;
+ a = charp;
if(indir)
argp = progarg;
else
@@ -414,18 +413,18 @@
}
/* copy args; easiest from new process's stack */
- n = charp - args;
+ n = charp - a;
if(n > 128) /* don't waste too much space on huge arg lists */
n = 128;
- a = smalloc(n);
- memmove(a, args, n);
- if(n>0 && a[n-1]!='\0'){+ args = smalloc(n);
+ memmove(args, a, n);
+ if(n>0 && args[n-1]!='\0'){/* make sure last arg is NUL-terminated */
/* put NUL at UTF-8 character boundary */
for(i=n-1; i>0; --i)
- if(fullrune(a+i, n-i))
+ if(fullrune(args+i, n-i))
break;
- a[i] = 0;
+ args[i] = 0;
n = i+1;
}
@@ -505,7 +504,7 @@
free(up->text);
up->text = elem;
free(up->args);
- up->args = a;
+ up->args = args;
up->nargs = n;
up->setargs = 0;
--
⑨