do_coredump(): check return from argv_split()

do_coredump() accesses helper_argv[0] without checking helper_argv != NULL. This can happen if page allocation failed. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

do_coredump(): check return from argv_split()
do_coredump() accesses helper_argv[0] without checking helper_argv != NULL. This can happen if page allocation failed. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Tetsuo Handa · Linus Torvalds
1 parent 26e5438e4b
Showing 1 changed file with 5 additions and 0 deletions Side-by-side Diff
fs/exec.c
@@ -1770,6 +1770,11 @@
  
  	if (ispipe) {
 		helper_argv = argv_split(GFP_KERNEL, corename+1, &helper_argc);
+		if (!helper_argv) {
+			printk(KERN_WARNING "%s failed to allocate memory\n",
+			       __func__);
+			goto fail_unlock;
+		}
 		/* Terminate the string before the first option */
 		delimit = strchr(corename, ' ');
 		if (delimit)
...	...	@@ -1770,6 +1770,11 @@
1770	1770
1771	1771	if (ispipe) {
1772	1772	helper_argv = argv_split(GFP_KERNEL, corename+1, &helper_argc);
	1773	+ if (!helper_argv) {
	1774	+ printk(KERN_WARNING "%s failed to allocate memory\n",
	1775	+ __func__);
	1776	+ goto fail_unlock;
	1777	+ }
1773	1778	/* Terminate the string before the first option */
1774	1779	delimit = strchr(corename, ' ');
1775	1780	if (delimit)