
Commit e1082f45 authored by Peter Hurley, committed by Linus Torvalds

ipc: fix potential oops when src msg > 4k w/ MSG_COPY



If the src msg is > 4k, then dest->next points to the
next allocated segment; resetting it just prior to dereferencing
is bad.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Acked-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent 47b3bc90
+0 −3
@@ -117,9 +117,6 @@ struct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst)
	if (alen > DATALEN_MSG)
		alen = DATALEN_MSG;

	dst->next = NULL;
	dst->security = NULL;

	memcpy(dst + 1, src + 1, alen);

	len -= alen;
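
Review bot: in this copy_msg() hunk the deleted lines cover `dst->security = NULL;` as well as `dst->next = NULL;`, but the commit message only justifies dropping the `->next` reset. Please either say in the changelog why `dst->security` no longer needs clearing here (for example, that whoever allocates `dst` is expected to have initialised it) or keep that one line, since a stale security pointer on the copy is a separate concern from the segment-chain oops being fixed. With the reset gone, copy_msg() also depends on `dst` arriving with its segment chain already linked whenever the source is larger than DATALEN_MSG; a one-line comment above the `memcpy(dst + 1, src + 1, alen);` stating that precondition would keep a later cleanup from reintroducing the reset. This reading assumes the three removed lines are the two assignments and the blank line after them, as the +0 −3 count indicates, because the rendered hunk carries no +/- markers.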