Mercurial > libpst
changeset 357:544d57fe6bc6
From Jeffrey Morlan:
try_fork in readpst.c doesn't check that active_children <
max_children before forking a child and adding it to the array. This can
cause a buffer overflow.
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Wed, 06 Jul 2016 10:17:49 -0700 |
| parents | fec7f4fca713 |
| children | 6abc3054cba2 |
| files | src/readpst.c |
| diffstat | 1 files changed, 2 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/readpst.c Wed Jul 06 10:15:28 2016 -0700 +++ b/src/readpst.c Wed Jul 06 10:17:49 2016 -0700 @@ -203,7 +203,8 @@ #ifdef HAVE_FORK #ifdef HAVE_SEMAPHORE_H int available = grim_reaper(0); - if (available) { + // If children have called sem_post but not exited yet, we could have available > 0 but active_children == max_children + if (available && active_children < max_children) { sem_wait(global_children); pid_t child = fork(); if (child < 0) {