Kernel: Disown shared buffers on sys$execve()

When committing to a new executable, disown any shared buffers that the
process was previously co-owning.

Otherwise accessing the same shared buffer ID from the new program
would cause the kernel to find a cached (and stale!) reference to the
previous program's VM region corresponding to that shared buffer,
leading to a Region* use-after-free.

Fixes #1270.
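The failure mode in the commit message, modelled as an added example (this is not SerenityOS code and none of these names are the kernel's own): a per-process cache maps a shared buffer ID to the `Region*` that mapped it, exec tears down every region of the old program, and if the cache is not dropped first, the new program's first access to the same ID returns the dead region. Regions live in a fixed arena with an `alive` flag instead of being `free()`d, so the stale pointer can be inspected without undefined behaviour; the refcount stands in for co-ownership of the global buffer.

```c
/* Added example, not SerenityOS code: stale shared-buffer cache across exec. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_REGIONS 8
#define MAX_SHBUFS 4

/* A region is never really freed here; `alive` models whether the mapping
 * still exists so a dangling cache entry can be examined safely. */
struct region {
    bool alive;
    int shbuf_id;
};

struct shared_buffer {
    int refcount; /* one count per process that co-owns the buffer */
};

struct process {
    struct region regions[MAX_REGIONS];     /* the process's address space */
    struct region *shbuf_cache[MAX_SHBUFS]; /* cached Region* per shared buffer id */
};

static struct shared_buffer g_shbufs[MAX_SHBUFS];

static struct region *alloc_region(struct process *p, int shbuf_id) {
    for (int i = 0; i < MAX_REGIONS; ++i) {
        if (!p->regions[i].alive) {
            p->regions[i].alive = true;
            p->regions[i].shbuf_id = shbuf_id;
            return &p->regions[i];
        }
    }
    return NULL;
}

/* Fast path that trusts the cache: this is where a stale Region* is handed out. */
static struct region *get_shared_buffer(struct process *p, int id) {
    if (p->shbuf_cache[id])
        return p->shbuf_cache[id]; /* cache hit, taken on trust */
    struct region *r = alloc_region(p, id);
    if (!r)
        return NULL;
    g_shbufs[id].refcount++; /* become a co-owner */
    p->shbuf_cache[id] = r;
    return r;
}

/* Drop co-ownership of every buffer and forget the cached regions. */
static void disown_all_shared_buffers(struct process *p) {
    for (int id = 0; id < MAX_SHBUFS; ++id) {
        if (p->shbuf_cache[id]) {
            g_shbufs[id].refcount--;
            p->shbuf_cache[id] = NULL;
        }
    }
}

/* Exec replaces the address space: every region of the old program dies.
 * `fixed` selects whether the cache is disowned first (the fix) or not. */
static void do_exec(struct process *p, bool fixed) {
    if (fixed)
        disown_all_shared_buffers(p);
    for (int i = 0; i < MAX_REGIONS; ++i)
        p->regions[i].alive = false;
}

/* Map buffer 2, exec, then access buffer 2 again as the "new program".
 * Returns true only if the region handed back is a live mapping. */
bool access_after_exec_is_safe(bool fixed) {
    struct process p;
    memset(&p, 0, sizeof p);
    memset(g_shbufs, 0, sizeof g_shbufs);
    get_shared_buffer(&p, 2);
    do_exec(&p, fixed);
    struct region *r = get_shared_buffer(&p, 2);
    return r != NULL && r->alive;
}

/* Co-owner references still held by buffer 2 immediately after exec. */
int refs_held_after_exec(bool fixed) {
    struct process p;
    memset(&p, 0, sizeof p);
    memset(g_shbufs, 0, sizeof g_shbufs);
    get_shared_buffer(&p, 2);
    do_exec(&p, fixed);
    return g_shbufs[2].refcount;
}

int main(void) {
    printf("without fix: safe=%d refs=%d\n", access_after_exec_is_safe(false), refs_held_after_exec(false));
    printf("with fix:    safe=%d refs=%d\n", access_after_exec_is_safe(true), refs_held_after_exec(true));
    return 0;
}
```

Without the disown step the new program is handed the old program's dead region and the buffer keeps a co-owner reference that nothing will ever release; with it, the cache misses, a fresh region is mapped and the refcount is rebuilt from zero.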
Andreas Kling 2020-02-22 12:27:12 +01:00
parent af02d0ee97
commit fc5ebe2a50


@ -952,6 +952,8 @@ int Process::do_exec(NonnullRefPtr<FileDescription> main_program_description, Ve
m_futex_queues.clear();
disown_all_shared_buffers();
for (int i = 0; i < m_fds.size(); ++i) {
auto& daf = m_fds[i];
if (daf.description && daf.flags & FD_CLOEXEC) {
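Review bot: the hunk header says two lines were added (-952,6 to +952,8) but the rendered hunk carries no +/- markers, so only `disown_all_shared_buffers();` can be identified as new from the commit message and the second added line cannot be reviewed from this page. On the visible change, the call is placed right after `m_futex_queues.clear();` and before the FD_CLOEXEC loop with no comment explaining why it is needed or why this position is correct; since giving up co-ownership is irreversible, the surrounding code should make clear that do_exec can no longer fail at this point, e.g. a one-line comment such as `// Drop stale shared-buffer regions now that the old address space is gone` above the call.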