check exec() arg length

fix double iunlockput
author: Robert Morris <[email protected]> 2010-09-27 16:17:57 -0400
committer: Robert Morris <[email protected]> 2010-09-27 16:17:57 -0400
commit: 06feabeceeccc8dbd2658e9f10dd139c14f01ba6 (patch)
tree: f3087e06d8a559e3d620aa6a3ae5bf934212d1ef /exec.c
parent: 4655d42e3b65f906eae8c815fb78331790f6e423 (diff)
download: xv6-labs-06feabeceeccc8dbd2658e9f10dd139c14f01ba6.tar.gz
xv6-labs-06feabeceeccc8dbd2658e9f10dd139c14f01ba6.tar.bz2
xv6-labs-06feabeceeccc8dbd2658e9f10dd139c14f01ba6.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/exec.c b/exec.c
index 2e2ced4..c0ea515 100644
--- a/exec.c
+++ b/exec.c
@@ -44,6 +44,7 @@ exec(char *path, char **argv)
       goto bad;
   }
   iunlockput(ip);
+  ip = 0;
 
   // Allocate a one-page stack at the next page boundary
   sz = PGROUNDUP(sz);
@@ -105,6 +106,9 @@ exec(char *path, char **argv)
   uint ffffffff = 0xffffffff;
   copyout(pgdir, sp, &ffffffff, 4);
 
+  if(sp < sz - PGSIZE)
+    goto bad;
+
   // Save program name for debugging.
   for(last=s=path; *s; s++)
     if(*s == '/')
@@ -125,8 +129,9 @@ exec(char *path, char **argv)
   return 0;
 
  bad:
-  cprintf("kernel: exec failed\n");
-  if(pgdir) freevm(pgdir);
-  iunlockput(ip);
+  if(pgdir)
+    freevm(pgdir);
+  if(ip)
+    iunlockput(ip);
   return -1;
 }
author	Robert Morris <[email protected]>	2010-09-27 16:17:57 -0400
committer	Robert Morris <[email protected]>	2010-09-27 16:17:57 -0400
commit	06feabeceeccc8dbd2658e9f10dd139c14f01ba6 (patch)
tree	f3087e06d8a559e3d620aa6a3ae5bf934212d1ef /exec.c
parent	4655d42e3b65f906eae8c815fb78331790f6e423 (diff)
download	xv6-labs-06feabeceeccc8dbd2658e9f10dd139c14f01ba6.tar.gz xv6-labs-06feabeceeccc8dbd2658e9f10dd139c14f01ba6.tar.bz2 xv6-labs-06feabeceeccc8dbd2658e9f10dd139c14f01ba6.zip