author | Andreas Kling <kling@serenityos.org> | 2020-02-22 12:27:12 +0100
---|---|---
committer | Andreas Kling <kling@serenityos.org> | 2020-02-22 12:29:38 +0100
commit | fc5ebe2a500e1bdbee689dd8dbaead68966f1e9c |
tree | 96dddb47bc7016a9dec578ced3770f0101dd0d23 |
parent | af02d0ee97101e8d073b1906d4e000ad16db6166 |
download | serenity-fc5ebe2a500e1bdbee689dd8dbaead68966f1e9c.zip |
Kernel: Disown shared buffers on sys$execve()
When committing to a new executable, disown any shared buffers that the
process was previously co-owning.
Otherwise accessing the same shared buffer ID from the new program
would cause the kernel to find a cached (and stale!) reference to the
previous program's VM region corresponding to that shared buffer,
leading to a Region* use-after-free.
Fixes #1270.
-rw-r--r-- | Kernel/Process.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp index 4eb4284c45..9efd031561 100644 --- a/Kernel/Process.cpp +++ b/Kernel/Process.cpp @@ -952,6 +952,8 @@ int Process::do_exec(NonnullRefPtr<FileDescription> main_program_description, Ve m_futex_queues.clear(); + disown_all_shared_buffers(); + for (int i = 0; i < m_fds.size(); ++i) { auto& daf = m_fds[i]; if (daf.description && daf.flags & FD_CLOEXEC) { |
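Review bot: the new disown_all_shared_buffers() call sits between m_futex_queues.clear() and the FD_CLOEXEC loop in Process::do_exec, i.e. in the teardown of the old image; please confirm this is past the last point at which do_exec can still return an error, because if exec fails after this line the old program keeps running with its shared-buffer ownership already dropped. The change also closes only the sys$execve() path to the stale cached Region* described in the message; a comment at the shared-buffer lookup site, or an assertion there that the cached Region still belongs to the calling process's address space, would make any other route to a dead region fail loudly instead of as a use-after-free, and a regression test for #1270 (exec while co-owning a shared buffer, then touch the same buffer ID from the new program) would keep this from regressing silently.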