From 98e07c497c9d866c0342696918a020b3f0303405 Mon Sep 17 00:00:00 2001
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Sun, 14 Jul 2024 18:14:35 +0200
Subject: server: Fix bogus port deallocation on server error
For inlined port arrays, WriteExtractArg compacts them from a
mach_port_name_inlined_t array to a mach_port_t array, reusing the
memory area. But when the server returns an error, the caller will
destroy the message, and thus expects the original inlined port arrays
available.
---
server.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
(limited to 'server.c')
diff --git a/server.c b/server.c
index 81147b5..e02e1e7 100644
--- a/server.c
+++ b/server.c
@@ -788,6 +788,27 @@ WriteExtractArg(FILE *file, const argument_t *arg)
}
}
+static void
+WriteRestoreArg(FILE *file, const argument_t *arg)
+{
+ if (akCheckAll(arg->argKind, akbSendRcv|akbPointer)) {
+ if (akCheck(arg->argKind, akbIndefinite)) {
+ fprintf(file, "\tif (OutP->%s != KERN_SUCCESS && In%dP->%s%s.msgt_inline) {\n",
+ arg->argRoutine->rtRetCode->argMsgField,
+ arg->argRequestPos, arg->argTTName, arg->argLongForm ? ".msgtl_header" : "");
+ fprintf(file, "\t\tmach_msg_type_number_t i;\n");
+ fprintf(file, "\t\t/* Restore the mach_port_name_inlined_t input array for message destruction. */\n");
+ fprintf(file, "\t\tfor (i = In%dP->%s.msgt%s_number; i > 1; i--) {\n",
+ arg->argRequestPos, arg->argTTName, arg->argLongForm ? "l" : "");
+ fprintf(file, "\t\t\t%s[i-1].name = %sP[i-1];\n", InArgMsgField(arg), arg->argVarName);
+ fprintf(file, "\t\t}\n");
+ fprintf(file, "\t}\n");
+ }
+ else
+ assert(false);
+ }
+}
+
static void
WriteServerCallArg(FILE *file, const argument_t *arg)
{
@@ -1435,6 +1456,8 @@ WriteRoutine(FILE *file, const routine_t *rt)
WriteServerCall(file, rt);
WriteGetReturnValue(file, rt);
+ WriteReverseList(file, rt->rtArgs, WriteRestoreArg, akbNone, "", "");
+
WriteReverseList(file, rt->rtArgs, WriteDestroyArg, akbDestroy, "", "");
/*
--
cgit v1.2.3