check exec() arg length

fix double iunlockput
2010-09-27 16:17:57 -04:00 · 2010-09-27 16:17:57 -04:00 · 06feabecee
parent 4655d42e3b
commit 06feabecee
1 changed files with 8 additions and 3 deletions
--- a/exec.c
+++ b/exec.c
@ -44,6 +44,7 @@ exec(char *path, char **argv)
      goto bad;
  }
  iunlockput(ip);
+  ip = 0;

  // Allocate a one-page stack at the next page boundary
  sz = PGROUNDUP(sz);
@ -105,6 +106,9 @@ exec(char *path, char **argv)
  uint ffffffff = 0xffffffff;
  copyout(pgdir, sp, &ffffffff, 4);

+  if(sp < sz - PGSIZE)
+    goto bad;
+
  // Save program name for debugging.
  for(last=s=path; *s; s++)
    if(*s == '/')
@ -125,8 +129,9 @@ exec(char *path, char **argv)
  return 0;

 bad:
-  cprintf("kernel: exec failed\n");
-  if(pgdir) freevm(pgdir);
-  iunlockput(ip);
+  if(pgdir)
+    freevm(pgdir);
+  if(ip)
+    iunlockput(ip);
  return -1;
 }