memory leak in fork.c, pre-10 2.0.31

Ingo Molnar (mingo@pc7537.hil.siemens.at)
Wed, 15 Oct 1997 15:39:49 +0100 (MET)


There is a (serious, easily exploitable) memory leak in fork.c; the
attached (tested) patch fixes it.

-- mingo

--- .fork.c.original Wed Oct 15 14:51:27 1997
+++ fork.c Wed Oct 15 15:47:18 1997
@@ -93,16 +93,17 @@
tmp->vm_flags &= ~VM_LOCKED;
tmp->vm_mm = mm;
tmp->vm_next = NULL;
+ if (copy_page_range(mm, current->mm, tmp)) {
+ kfree(tmp);
+ exit_mmap(mm);
+ return -ENOMEM;
+ }
if (tmp->vm_inode) {
tmp->vm_inode->i_count++;
/* insert tmp into the share list, just after mpnt */
tmp->vm_next_share->vm_prev_share = tmp;
mpnt->vm_next_share = tmp;
tmp->vm_prev_share = mpnt;
- }
- if (copy_page_range(mm, current->mm, tmp)) {
- exit_mmap(mm);
- return -ENOMEM;
}
if (tmp->vm_ops && tmp->vm_ops->open)
tmp->vm_ops->open(tmp);
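Review bot: The new failure branch at `if (copy_page_range(mm, current->mm, tmp))` frees `tmp` by hand, but nothing in the hunk says why, and running the check before the `vm_inode` share-list insertion is what makes that `kfree(tmp)` safe. A comment above the check would keep a later reordering from reintroducing the leak or leaving a freed area on a share list, e.g. `/* tmp is not yet on mm's vma list or any share list: exit_mmap() cannot see it, so free it here */`. Presumably `tmp` is linked into `mm` only after the lines shown, which is why `exit_mmap(mm)` alone left it allocated; the enclosing function begins and ends outside the hunk, so that part is inferred. It is also worth confirming that page-table entries already copied for `tmp`'s range before `copy_page_range()` failed are released on this path, since `exit_mmap()` would presumably walk only the linked areas.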