summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2015-04-21 13:24:46 -0400
committerRich Felker <dalias@aerifal.cx>2015-04-21 13:24:46 -0400
commit086793ad99dc625fd1c47f96fc31ea8aa316b438 (patch)
tree2f8110253072aa9ec6f2dcedf3025dca5d11b064
parentc5ab5bd3be15eb9d49222df132a51ae8e8f78cbc (diff)
downloadmusl-086793ad99dc625fd1c47f96fc31ea8aa316b438.tar.gz
musl-086793ad99dc625fd1c47f96fc31ea8aa316b438.tar.bz2
musl-086793ad99dc625fd1c47f96fc31ea8aa316b438.tar.xz
musl-086793ad99dc625fd1c47f96fc31ea8aa316b438.zip
fix mmap leak in sem_open failure path for link call
the leak was found by static analysis (reported by Alexander Monakov), not tested/observed, but seems to have occured both when failing due to O_EXCL, and in a race condition with O_CREAT but not O_EXCL where a semaphore by the same name was created concurrently.
-rw-r--r--src/thread/sem_open.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/thread/sem_open.c b/src/thread/sem_open.c
index ab884a42..fda0acd3 100644
--- a/src/thread/sem_open.c
+++ b/src/thread/sem_open.c
@@ -126,6 +126,7 @@ sem_t *sem_open(const char *name, int flags, ...)
e = link(tmp, name) ? errno : 0;
unlink(tmp);
if (!e) break;
+ munmap(map, sizeof(sem_t));
/* Failure is only fatal when doing an exclusive open;
* otherwise, next iteration will try to open the
* existing file. */