From 9165b13a6f5ebe692755edc72dea0936de1ac746 Mon Sep 17 00:00:00 2001
From: Samuel Thibault
Date: Wed, 1 Nov 2023 15:32:07 +0100
Subject: 64bit: Fix user memory leaks on non-inline port arrays

The userland allocation is for port names, not ports (as translated below), so we need to allocate less.
---
ipc/ipc_kmsg.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'ipc/ipc_kmsg.c')
diff --git a/ipc/ipc_kmsg.c b/ipc/ipc_kmsg.c
index 33e4d57c..1b98445d 100644
--- a/ipc/ipc_kmsg.c
+++ b/ipc/ipc_kmsg.c
@@ -2383,8 +2383,12 @@ ipc_kmsg_copyout_body(
 if (!is_inline && (length != 0)) {
 /* first allocate memory in the map */
+ uint64_t allocated = length;
- kr = vm_allocate(map, &addr, length, TRUE);
+ assert(sizeof(mach_port_name_t) < sizeof(mach_port_t));
+ allocated -= (sizeof(mach_port_t) - sizeof(mach_port_name_t)) * number;
+ kr = vm_allocate(map, &addr, allocated, TRUE);
 if (kr != KERN_SUCCESS) {
 ipc_kmsg_clean_body(taddr, saddr);
 goto vm_copyout_failure;
-- 
cgit v1.2.3
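Review bot: The added `assert(sizeof(mach_port_name_t) < sizeof(mach_port_t));` checks a compile-time fact at run time and uses a strict `<`, so it would fire on any configuration where the two types have the same size, and checks nothing if assertions are compiled out; whether this path is built only for 64-bit is not visible in the hunk. A compile-time form that also tolerates equal sizes would be safer, e.g. `_Static_assert(sizeof(mach_port_name_t) <= sizeof(mach_port_t), "port names must not be larger than ports");`. The subtraction on `allocated` is unsigned, so it relies on `length` being at least `(sizeof(mach_port_t) - sizeof(mach_port_name_t)) * number`; both values are set outside the hunk, and a one-line comment stating that invariant (or computing `allocated = sizeof(mach_port_name_t) * number` directly, if that is what it equals) would make the size of the user mapping easier to audit. The body of ipc_kmsg_copyout_body continues outside the hunk, so the later copyout and the failure paths should be checked to use this same size rather than `length`.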