Commit 350eaf791bebccb9ad5999351f3e328319545f03
Committed by Linus Torvalds
1 parent 26e5438e4b
Exists in master and in 4 other branches
do_coredump(): check return from argv_split()
do_coredump() accesses helper_argv[0] without checking helper_argv != NULL. This can happen if page allocation failed.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 1 changed file with 5 additions and 0 deletions
fs/exec.c
... | ... | @@ -1770,6 +1770,11 @@ |
1770 | 1770 | |
1771 | 1771 | if (ispipe) { |
1772 | 1772 | helper_argv = argv_split(GFP_KERNEL, corename+1, &helper_argc); |
1773 | + if (!helper_argv) { | |
1774 | + printk(KERN_WARNING "%s failed to allocate memory\n", | |
1775 | + __func__); | |
1776 | + goto fail_unlock; | |
1777 | + } | |
1773 | 1778 | /* Terminate the string before the first option */ |
1774 | 1779 | delimit = strchr(corename, ' '); |
1775 | 1780 | if (delimit) |
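Review bot: The printk in the new `if (!helper_argv)` branch is unconditional and reports only the function name with "failed to allocate memory", so the log does not say that the piped core dump was abandoned or for which process. This branch is reached under memory pressure, when several tasks may be crashing at once, so consider guarding the message with printk_ratelimit() and wording it to state that the core dump to the pipe helper was skipped. The NULL check itself is placed correctly: it sits directly after argv_split() and ahead of the strchr() context lines, before any later use of helper_argv[0]. The hunk does not show what fail_unlock releases, so it is worth confirming that everything acquired before this point is undone on that path.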