check exec() arg length
fix double iunlockput
This commit is contained in:
parent
4655d42e3b
commit
06feabecee
1 changed files with 8 additions and 3 deletions
11
exec.c
11
exec.c
|
@ -44,6 +44,7 @@ exec(char *path, char **argv)
|
|||
goto bad;
|
||||
}
|
||||
iunlockput(ip);
|
||||
ip = 0;
|
||||
|
||||
// Allocate a one-page stack at the next page boundary
|
||||
sz = PGROUNDUP(sz);
|
||||
|
@ -105,6 +106,9 @@ exec(char *path, char **argv)
|
|||
uint ffffffff = 0xffffffff;
|
||||
copyout(pgdir, sp, &ffffffff, 4);
|
||||
|
||||
if(sp < sz - PGSIZE)
|
||||
goto bad;
|
||||
|
||||
// Save program name for debugging.
|
||||
for(last=s=path; *s; s++)
|
||||
if(*s == '/')
|
||||
|
@ -125,8 +129,9 @@ exec(char *path, char **argv)
|
|||
return 0;
|
||||
|
||||
bad:
|
||||
cprintf("kernel: exec failed\n");
|
||||
if(pgdir) freevm(pgdir);
|
||||
iunlockput(ip);
|
||||
if(pgdir)
|
||||
freevm(pgdir);
|
||||
if(ip)
|
||||
iunlockput(ip);
|
||||
return -1;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue