check that arguments aren't more than a page in exec()

Robert Morris 2019-06-04 06:51:01 -04:00
parent 0f684b9150
commit b78894f34e

7
exec.c

@ -13,7 +13,7 @@ exec(char *path, char **argv)
{ {
char *s, *last; char *s, *last;
int i, off; int i, off;
uint64 argc, sz, sp, ustack[MAXARG+1]; uint64 argc, sz, sp, ustack[MAXARG+1], stackbase;
struct elfhdr elf; struct elfhdr elf;
struct inode *ip; struct inode *ip;
struct proghdr ph; struct proghdr ph;
@ -66,6 +66,7 @@ exec(char *path, char **argv)
if((sz = uvmalloc(pagetable, sz, sz + 2*PGSIZE)) == 0) if((sz = uvmalloc(pagetable, sz, sz + 2*PGSIZE)) == 0)
goto bad; goto bad;
sp = sz; sp = sz;
stackbase = sp - PGSIZE;
// Push argument strings, prepare rest of stack in ustack. // Push argument strings, prepare rest of stack in ustack.
for(argc = 0; argv[argc]; argc++) { for(argc = 0; argv[argc]; argc++) {
@ -73,6 +74,8 @@ exec(char *path, char **argv)
goto bad; goto bad;
sp -= strlen(argv[argc]) + 1; sp -= strlen(argv[argc]) + 1;
sp -= sp % 16; // riscv sp must be 16-byte aligned sp -= sp % 16; // riscv sp must be 16-byte aligned
if(sp < stackbase)
goto bad;
if(copyout(pagetable, sp, argv[argc], strlen(argv[argc]) + 1) < 0) if(copyout(pagetable, sp, argv[argc], strlen(argv[argc]) + 1) < 0)
goto bad; goto bad;
ustack[argc] = sp; ustack[argc] = sp;
@ -82,6 +85,8 @@ exec(char *path, char **argv)
// push the array of argv[] pointers. // push the array of argv[] pointers.
sp -= (argc+1) * sizeof(uint64); sp -= (argc+1) * sizeof(uint64);
sp -= sp % 16; sp -= sp % 16;
if(sp < stackbase)
goto bad;
if(copyout(pagetable, sp, (char *)ustack, (argc+1)*sizeof(uint64)) < 0) if(copyout(pagetable, sp, (char *)ustack, (argc+1)*sizeof(uint64)) < 0)
goto bad; goto bad;
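Review bot: `stackbase` is introduced at `stackbase = sp - PGSIZE;` without a comment saying what it bounds, yet both new `if(sp < stackbase)` guards depend on that meaning. I would add `// lowest usable address of the one-page user stack` above the assignment. The `2*PGSIZE` passed to uvmalloc() suggests the page below is meant as a guard page, but the hunks do not state this, so it should be written down where the layout is set up. Because `sp` is a `uint64`, the comparison only catches an overrun while `sp -= strlen(argv[argc]) + 1` cannot wrap below zero. That presumably holds because the caller limits each argument string to a page, which is not visible here and would be worth noting next to the first check. exec()'s body starts and ends outside these hunks.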