diff options
author | Rich Felker <dalias@aerifal.cx> | 2013-06-29 00:02:38 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2013-06-29 00:02:38 -0400 |
commit | 17aef0b41e3d7cb37c476cbe2df26fc444518a64 (patch) | |
tree | c72587f4b27cab646b00c9953e0ae9a1b180b202 /src/ipc | |
parent | 062f40ef3e56021f4a9902095867e35cce6d99c4 (diff) | |
download | musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.tar.gz musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.tar.bz2 musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.tar.xz musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.zip |
prevent shmget from allocating objects that overflow ptrdiff_t
rather than returning an error, we have to increase the size argument
so high that the kernel will have no choice but to fail. this is
because POSIX only permits the EINVAL error for size errors when a new
shared memory segment would be created; if it already exists, the size
argument must be ignored. unfortunately Linux is non-conforming in
this regard, but I want to keep the code correct in userspace anyway
so that if/when Linux is fixed, the behavior applications see will be
conforming.
Diffstat (limited to 'src/ipc')
-rw-r--r-- | src/ipc/shmget.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/ipc/shmget.c b/src/ipc/shmget.c index 61fb11d9..b44f9d68 100644 --- a/src/ipc/shmget.c +++ b/src/ipc/shmget.c @@ -1,9 +1,11 @@ #include <sys/shm.h> +#include <stdint.h> #include "syscall.h" #include "ipc.h" int shmget(key_t key, size_t size, int flag) { + if (size > PTRDIFF_MAX) size = SIZE_MAX; #ifdef SYS_shmget return syscall(SYS_shmget, key, size, flag); #else |