New submission from Venkatesh Srinivas <vsrinivas@dragonflybsd.org>:

/*
 * Reproducer attached to this report. Per the text below, running it hits a
 * panic on a malloc zone overflow in sys_mqueue.c.
 *
 * Shape of the program: the original process forks 128 times, then it and
 * every child each try to create up to 900 POSIX message queues and finally
 * block in pause(). Nothing in the program itself requests elevated
 * privileges.
 *
 * NOTE(review): what the program scales is the queue-name length (up to 232
 * characters) and the number of queues created and left open. The report does
 * not say which of the two overflows the zone -- check the name handling and
 * allocation sizes in sys_mqueue.c.
 *
 * NOTE(review): only these two headers are included as posted; sprintf,
 * fork/getpid/pause and the O_* flags are normally declared in <stdio.h>,
 * <unistd.h> and <fcntl.h>.
 */
#include <sys/types.h>
#include <mqueue.h>

int main() {
    int i;
    /* static storage: members not assigned below start out as zero */
    static struct mq_attr attr;
    attr.mq_maxmsg=31;
    attr.mq_msgsize=128;
    /* name buffer; the empty-brace initializer (a GNU extension before C23) zero-fills it */
    char nam[300] = {};
    int pidr;

    /*
     * fork() returning 0 means "this is the child": the child leaves the loop
     * at once, so only the original process keeps forking. A failed fork (-1)
     * is not checked; the parent simply continues.
     */
    for (i = 0; i < 128; i++) {
        pidr = fork();
        if(pidr == 0) goto co;
    }

    /* Reached by each child via the goto and by the parent once its loop ends. */
co:
    for (i = 0; i < 900; i++) {
        /*
         * Name = i, '-', then the pid right-aligned in a 228-character field:
         * at most 3 + 1 + 228 = 232 characters for i < 900, which fits
         * nam[300]. sprintf itself is unbounded.
         * NOTE(review): snprintf(nam, sizeof nam, ...) would make that bound
         * explicit.
         * NOTE(review): the names do not start with '/'; POSIX leaves that
         * case implementation-defined for mq_open -- confirm how the target
         * system treats it.
         */
        sprintf(nam, "%d-%228d", i,getpid());
        /* drop any existing queue with this name; the return value is ignored */
        mq_unlink(nam);
        /*
         * O_CREAT|O_EXCL: fail rather than reuse an existing queue. The
         * returned descriptor is discarded and never passed to mq_close();
         * the first failure ends this process's creation loop.
         */
        if (mq_open(nam, O_RDWR|O_CREAT|O_EXCL, 0777, &attr) == -1) break;
    }

    /*
     * Block until a signal arrives instead of exiting -- presumably so the
     * queues opened above are not torn down at process exit (confirm).
     */
    pause();
}

-------------------

The above program will hit a panic on a malloc zone overflow in sys_mqueue.c.

----------
messages: 9667
nosy: vsrinivas
status: unread
title: POSIX message queue malloc zone overflow

_____________________________________________________
DragonFly issue tracker <bugs@lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue2009>
_____________________________________________________