From 1a02a458839fd85ff58856a666918db1d111adec Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Wed, 1 Jan 2014 07:39:17 +0100
Subject: kernel: nil check, exited procs handling in postnote()

make sure not to dereference Proc* nil pointer. this can potentially happen from devip which has code like:

if(er->read4p)
	postnote(er->read4p, 1, "unbind", 0);

the process it is about to kill can zero er->read4p at any time, so there is the possibility of the condition to be true and then er->read4p becoming nil.

check if the process has already exited (p->pid == 0) in postnote() under p->debug qlock.
---
 sys/src/9/port/pgrp.c | 2 +-
 sys/src/9/port/proc.c | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
(limited to 'sys/src')

diff --git a/sys/src/9/port/pgrp.c b/sys/src/9/port/pgrp.c
index fb23b432c..069df11da 100644
--- a/sys/src/9/port/pgrp.c
+++ b/sys/src/9/port/pgrp.c
@@ -29,7 +29,7 @@ pgrpnote(ulong noteid, char *a, long n, int flag)
 			continue;
 		if(up != p && p->noteid == noteid && p->kp == 0) {
 			qlock(&p->debug);
-			if(p->pid != 0 && p->noteid == noteid)
+			if(p->noteid == noteid)
 				postnote(p, 0, buf, flag);
 			qunlock(&p->debug);
 		}
diff --git a/sys/src/9/port/proc.c b/sys/src/9/port/proc.c
index 41cfb9aff..911bfd608 100644
--- a/sys/src/9/port/proc.c
+++ b/sys/src/9/port/proc.c
@@ -903,9 +903,18 @@ postnote(Proc *p, int dolock, char *n, int flag)
 	int s, ret;
 	QLock *q;
 
+	if(p == nil)
+		return 0;
+
 	if(dolock)
 		qlock(&p->debug);
 
+	if(p->pid == 0){
+		if(dolock)
+			qunlock(&p->debug);
+		return 0;
+	}
+
 	if(n != nil && flag != NUser && (p->notify == 0 || p->notified))
 		p->nnote = 0;
 
-- 
cgit v1.2.3
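Review bot: The exited-process test dropped from the condition now relies on postnote() rejecting p->pid == 0 under p->debug, which this call site already holds (it passes dolock = 0), but nothing at the call site says so and a later reader may reintroduce or "fix" the missing check. A one-line comment above the call would make the contract visible, `/* postnote() rejects exited procs (p->pid == 0) under p->debug, held here */`. pgrpnote's body starts and ends outside the hunk.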
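Review bot: The new p->pid == 0 test only establishes that the process had exited by the time p->debug was taken; it cannot tell whether the Proc a caller's stale pointer refers to is still the process the caller meant, so if Proc slots are reused for new processes (not visible in this hunk) a note could still be delivered to an unrelated process. Callers that keep a Proc* across the target's lifetime should therefore still validate identity themselves, for example by comparing a recorded pid, rather than relying on this check alone. The nil check likewise cannot fully close the devip window the message describes, because that call site reads er->read4p twice; loading it once into a local before the test is the caller-side fix. Both early returns deserve a comment stating what the 0 result means here, e.g. `/* nothing to post: no proc, or it has already exited */`. postnote's body continues outside the hunk.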