diff options
author | rwatson <rwatson@FreeBSD.org> | 2004-02-03 02:50:51 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2004-02-03 02:50:51 +0000 |
commit | 952cd3ca81cb5800aa86934f9e2cdead5420a38e (patch) | |
tree | b48c0f6fa40bf2db0646da706f72f542de5b4943 /sys | |
parent | 5ecaf23ec84e1e1eb304f739816d51e422ca2dfc (diff) | |
download | FreeBSD-src-952cd3ca81cb5800aa86934f9e2cdead5420a38e.zip FreeBSD-src-952cd3ca81cb5800aa86934f9e2cdead5420a38e.tar.gz |
Catch instances of (pipe == NULL) that were obsoleted with recent
changes to jointly allocated pipe pairs. Replace these checks
with pipe_present checks. This avoids a NULL pointer dereference
when a pipe is half-closed.
Submitted by: Peter Edwards <peter.edwards@openet-telecom.com>
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/sys_pipe.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c index 7045164..0fc263c 100644 --- a/sys/kern/sys_pipe.c +++ b/sys/kern/sys_pipe.c @@ -938,7 +938,7 @@ pipe_write(fp, uio, active_cred, flags, td) /* * detect loss of pipe read side, issue SIGPIPE if lost. */ - if ((wpipe == NULL) || (wpipe->pipe_state & PIPE_EOF)) { + if ((!wpipe->pipe_present) || (wpipe->pipe_state & PIPE_EOF)) { PIPE_UNLOCK(rpipe); return (EPIPE); } @@ -1316,13 +1316,13 @@ pipe_poll(fp, events, active_cred, td) revents |= events & (POLLIN | POLLRDNORM); if (events & (POLLOUT | POLLWRNORM)) - if (wpipe == NULL || (wpipe->pipe_state & PIPE_EOF) || + if (!wpipe->pipe_present || (wpipe->pipe_state & PIPE_EOF) || (((wpipe->pipe_state & PIPE_DIRECTW) == 0) && (wpipe->pipe_buffer.size - wpipe->pipe_buffer.cnt) >= PIPE_BUF)) revents |= events & (POLLOUT | POLLWRNORM); if ((rpipe->pipe_state & PIPE_EOF) || - (wpipe == NULL) || + (!wpipe->pipe_present) || (wpipe->pipe_state & PIPE_EOF)) revents |= POLLHUP; @@ -1513,7 +1513,7 @@ pipe_kqfilter(struct file *fp, struct knote *kn) case EVFILT_WRITE: kn->kn_fop = &pipe_wfiltops; cpipe = cpipe->pipe_peer; - if (cpipe == NULL) + if (!cpipe->pipe_present) /* other end of pipe has been closed */ return (EPIPE); break; @@ -1556,7 +1556,7 @@ filt_piperead(struct knote *kn, long hint) kn->kn_data = rpipe->pipe_map.cnt; if ((rpipe->pipe_state & PIPE_EOF) || - (wpipe == NULL) || (wpipe->pipe_state & PIPE_EOF)) { + (!wpipe->pipe_present) || (wpipe->pipe_state & PIPE_EOF)) { kn->kn_flags |= EV_EOF; PIPE_UNLOCK(rpipe); return (1); @@ -1573,7 +1573,7 @@ filt_pipewrite(struct knote *kn, long hint) struct pipe *wpipe = rpipe->pipe_peer; PIPE_LOCK(rpipe); - if ((wpipe == NULL) || (wpipe->pipe_state & PIPE_EOF)) { + if ((!wpipe->pipe_present) || (wpipe->pipe_state & PIPE_EOF)) { kn->kn_data = 0; kn->kn_flags |= EV_EOF; PIPE_UNLOCK(rpipe); |