possible memory leak in exec.c, pre-10 2.0.31

Ingo Molnar (mingo@pc7537.hil.siemens.at)
Wed, 15 Oct 1997 19:29:24 +0100 (MET)


tried to write exploit code for this (possible) memory leak, but failed.
But it looks like definitely weak code? The patch is tested otherwise.

-- mingo

--- .exec.c.orig Wed Oct 15 18:14:58 1997
+++ exec.c Wed Oct 15 18:51:00 1997
@@ -301,15 +301,30 @@
mpnt->vm_pte = 0;
insert_vm_struct(current->mm, mpnt);
current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }

- for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
- if (bprm->page[i]) {
- current->mm->rss++;
- put_dirty_page(current,bprm->page[i],stack_base);
+ for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
+ if (bprm->page[i]) {
+ current->mm->rss++;
+ put_dirty_page(current,bprm->page[i],stack_base);
+ }
+ stack_base += PAGE_SIZE;
+ }
+ } else {
+ /*
+ * This one is tricky. We are already in the new context, so we cannot
+ * return with -ENOMEM. So we _have_ to deallocate argument pages here,
+ * if there is no VMA, they wont be freed at exit_mmap() -> memory leak.
+ *
+ * User space then gets a SIGSEGV when it tries to access argument pages.
+ */
+ for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
+ if (bprm->page[i]) {
+ free_page(bprm->page[i]);
+ bprm->page[i]=NULL;
+ }
}
- stack_base += PAGE_SIZE;
}
+
return p;
}
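Review bot: `bprm->page[i]=NULL;` in the new else branch assigns a pointer constant to a slot the surrounding code treats as an integer page address (it is passed straight to `free_page()`), so if `page[]` is `unsigned long` in this kernel that is a pointer-to-integer conversion the compiler will warn about; `bprm->page[i] = 0;` matches the type, the `if (bprm->page[i])` test above it, and the spacing used elsewhere in the hunk. Clearing the slot after the free is correct, since the caller's own cleanup loop over `bprm->page` (presumably in do_execve(), outside this hunk) would otherwise free the page a second time, and the comment should say so: `/* clear the slot so the caller's cleanup does not free the page twice */`. The function still returns `p` on this path, so the caller gets no indication that the stack mapping failed and will go on laying out argv/envp at that address; whether that write is caught cleanly depends on code outside the hunk, and a sentence on it belongs in the block comment next to the SIGSEGV remark. The enclosing function setup_arg_pages begins before the hunk.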