Skip to content

Commit

Permalink
do_coredump(): check return from argv_split()
Browse files Browse the repository at this point in the history 
do_coredump() accesses helper_argv[0] without checking helper_argv !=
NULL.  This can happen if page allocation failed.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
Tetsuo Handa authored and Linus Torvalds committed Jan 6, 2009
1 parent 26e5438 commit 350eaf7
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions fs/exec.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1770,6 +1770,11 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)

if (ispipe) {
helper_argv = argv_split(GFP_KERNEL, corename+1, &helper_argc);
if (!helper_argv) {
printk(KERN_WARNING "%s failed to allocate memory\n",
__func__);
goto fail_unlock;
}
/* Terminate the string before the first option */
delimit = strchr(corename, ' ');
if (delimit)
Expand Down

0 comments on commit 350eaf7

Please sign in to comment.