Attachment #40061 for bug #90499

View | Details | Raw Unified | Return to bug 90499
Collapse All | Expand All

Lines 94-100 asmlinkage unsigned long sys_brk(unsigne Link Here

(-)linux-2.4.31/arch/ia64/ia32/sys_ia32.c (-5 / +8 lines)
94	static DECLARE_MUTEX(ia32_mmap_sem);	94	static DECLARE_MUTEX(ia32_mmap_sem);
95		95
96	static int	96	static int
97	nargs (unsigned int arg, char **ap)	97	nargs (unsigned int arg, char **ap, int max)
98	{	98	{
99	unsigned int addr;	99	unsigned int addr;
100	int n, err;	100	int n, err;
Lines 107-112 nargs (unsigned int arg, char **ap) Link Here
107	err = get_user(addr, (unsigned int *)A(arg));	107	err = get_user(addr, (unsigned int *)A(arg));
108	if (err)	108	if (err)
109	return err;	109	return err;
		110	if (n > max)
		111	return -E2BIG;
110	if (ap)	112	if (ap)
111	ap++ = (char ) A(addr);	113	ap++ = (char ) A(addr);
112	arg += sizeof(unsigned int);	114	arg += sizeof(unsigned int);
Lines 128-137 sys32_execve (char *filename, unsigned i Link Here
128	int na, ne, len;	130	int na, ne, len;
129	long r;	131	long r;
130		132
131	na = nargs(argv, NULL);	133	/* Allocates upto 2x MAX_ARG_PAGES */
		134	na = nargs(argv, NULL, (MAX_ARG_PAGESPAGE_SIZE) / sizeof(char ) - 1);
132	if (na < 0)	135	if (na < 0)
133	return na;	136	return na;
134	ne = nargs(envp, NULL);	137	ne = nargs(envp, NULL, (MAX_ARG_PAGESPAGE_SIZE) / sizeof(char ) - 1 );
135	if (ne < 0)	138	if (ne < 0)
136	return ne;	139	return ne;
137	len = (na + ne + 2) * sizeof(*av);	140	len = (na + ne + 2) * sizeof(*av);
Lines 143-152 sys32_execve (char *filename, unsigned i Link Here
143	av[na] = NULL;	146	av[na] = NULL;
144	ae[ne] = NULL;	147	ae[ne] = NULL;
145		148
146	r = nargs(argv, av);	149	r = nargs(argv, av, na);
147	if (r < 0)	150	if (r < 0)
148	goto out;	151	goto out;
149	r = nargs(envp, ae);	152	r = nargs(envp, ae, ne);
150	if (r < 0)	153	if (r < 0)
151	goto out;	154	goto out;
152		155

Lines 2200-2206 asmlinkage long sys32_ustat(dev_t dev, s Link Here

(-)linux-2.4.31/arch/x86_64/ia32/sys_ia32.c (-8 / +9 lines)
2200	return ret;	2200	return ret;
2201	}	2201	}
2202		2202
2203	static int nargs(u32 src, char **dst)	2203	static int nargs(u32 src, char **dst, int max)
2204	{	2204	{
2205	int cnt;	2205	int cnt;
2206	u32 val;	2206	u32 val;
Lines 2210-2222 static int nargs(u32 src, char **dst) Link Here
2210	int ret = get_user(val, (__u32 *)(u64)src);	2210	int ret = get_user(val, (__u32 *)(u64)src);
2211	if (ret)	2211	if (ret)
2212	return ret;	2212	return ret;
		2213	if (cnt > max)
		2214	return -E2BIG;
2213	if (dst)	2215	if (dst)
2214	dst[cnt] = (char *)(u64)val;	2216	dst[cnt] = (char *)(u64)val;
2215	cnt++;	2217	cnt++;
2216	src += 4;	2218	src += 4;
2217	if (cnt >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *))	2219	} while(val);
2218	return -E2BIG;
2219	} while(val);
2220	if (dst)	2220	if (dst)
2221	dst[cnt-1] = 0;	2221	dst[cnt-1] = 0;
2222	return cnt;	2222	return cnt;
Lines 2230-2242 asmlinkage long sys32_execve(char *name, Link Here
2230	int ret;	2230	int ret;
2231	unsigned sz = 0;	2231	unsigned sz = 0;
2232		2232
		2233	/* Can actually allocate 2MAX_ARG_PAGES /
2233	if (argv) {	2234	if (argv) {
2234	na = nargs(argv, NULL);	2235	na = nargs(argv, NULL, (MAX_ARG_PAGES * PAGE_SIZE)/sizeof(char*) - 1);
2235	if (na < 0)	2236	if (na < 0)
2236	return -EFAULT;	2237	return -EFAULT;
2237	}	2238	}
2238	if (envp) {	2239	if (envp) {
2239	ne = nargs(envp, NULL);	2240	ne = nargs(envp, NULL, (MAX_ARG_PAGES * PAGE_SIZE)/sizeof(char*) - 1);
2240	if (ne < 0)	2241	if (ne < 0)
2241	return -EFAULT;	2242	return -EFAULT;
2242	}	2243	}
Lines 2252-2264 asmlinkage long sys32_execve(char *name, Link Here
2252	}	2253	}
2253		2254
2254	if (argv) {	2255	if (argv) {
2255	ret = nargs(argv, buf);	2256	ret = nargs(argv, buf, na);
2256	if (ret < 0)	2257	if (ret < 0)
2257	goto free;	2258	goto free;
2258	}	2259	}
2259		2260
2260	if (envp) {	2261	if (envp) {
2261	ret = nargs(envp, buf + na);	2262	ret = nargs(envp, buf + na, ne);
2262	if (ret < 0)	2263	if (ret < 0)
2263	goto free;	2264	goto free;
2264	}	2265	}

Return to bug 90499