diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-11-01 15:32:07 +0100 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-11-01 15:32:07 +0100 |
| commit | 9165b13a6f5ebe692755edc72dea0936de1ac746 (patch) | |
| tree | c6085f97b2c3861da460fb530065230c85ac8c4c /ipc | |
| parent | afc9aa79fca9bb7f3e83832cafa8f7bdc662017d (diff) | |
| download | gnumach-9165b13a6f5ebe692755edc72dea0936de1ac746.tar.gz gnumach-9165b13a6f5ebe692755edc72dea0936de1ac746.tar.bz2 gnumach-9165b13a6f5ebe692755edc72dea0936de1ac746.zip | |
64bit: Fix user memory leaks on non-inline port arrays
The userland allocation is for port names, not ports (as translated
below), so we need to allocate less.
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/ipc_kmsg.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ipc/ipc_kmsg.c b/ipc/ipc_kmsg.c index 33e4d57c..1b98445d 100644 --- a/ipc/ipc_kmsg.c +++ b/ipc/ipc_kmsg.c @@ -2383,8 +2383,12 @@ ipc_kmsg_copyout_body( if (!is_inline && (length != 0)) { /* first allocate memory in the map */ + uint64_t allocated = length; - kr = vm_allocate(map, &addr, length, TRUE); + assert(sizeof(mach_port_name_t) < sizeof(mach_port_t)); + allocated -= (sizeof(mach_port_t) - sizeof(mach_port_name_t)) * number; + + kr = vm_allocate(map, &addr, allocated, TRUE); if (kr != KERN_SUCCESS) { ipc_kmsg_clean_body(taddr, saddr); goto vm_copyout_failure; |