diff options
| author | Sergey Bugaev <bugaevc@gmail.com> | 2023-06-15 21:17:31 +0300 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-06-18 00:26:06 +0200 |
| commit | ed7f24debd15745f9e6c20151ec1c5989b58de4e (patch) | |
| tree | dcd06919043eda7028c5f1149aca2994bd79373b /ipc | |
| parent | 5e597575b78af2464117437c8bc41e632d7e112d (diff) | |
| download | gnumach-ed7f24debd15745f9e6c20151ec1c5989b58de4e.tar.gz gnumach-ed7f24debd15745f9e6c20151ec1c5989b58de4e.tar.bz2 gnumach-ed7f24debd15745f9e6c20151ec1c5989b58de4e.zip | |
Fix copying in MACH_PORT_DEAD on x86_64
We need to properly convert MACH_PORT_NAME_DEAD (which is 32-bit -1)
into IO_DEAD, which is 64-bit -1.
To reproduce:
$ portinfo -va 1
(see the Mach crash trying to access a port at 0xffffffff)
Message-Id: <20230615181731.119328-1-bugaevc@gmail.com>
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/ipc_kmsg.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/ipc/ipc_kmsg.c b/ipc/ipc_kmsg.c index 1988da45..5012e607 100644 --- a/ipc/ipc_kmsg.c +++ b/ipc/ipc_kmsg.c @@ -1447,8 +1447,10 @@ ipc_kmsg_copyin_body( mach_port_name_t port = ((mach_port_t*)data)[i]; ipc_object_t object; - if (!MACH_PORT_NAME_VALID(port)) + if (!MACH_PORT_NAME_VALID(port)) { + objects[i] = (ipc_object_t)invalid_name_to_port(port); continue; + } kr = ipc_object_copyin(space, port, name, &object); @@ -1465,9 +1467,6 @@ ipc_kmsg_copyin_body( kmsg->ikm_header.msgh_bits |= MACH_MSGH_BITS_CIRCULAR; - /* TODO: revisit this for 64 bits since the size of - * mach_port_name_t is not the same as a pointer size. - */ objects[i] = object; } |