tech-kern archive


sys_pipe2() leaks file descriptors to %eax and %edx on i386


Both sys_pipe() and sys_pipe2() use pipe1() as the actual implementation.
Therefore they both fill retval[0] and retval[1] with file descriptors of read 
and write endpoints. For sys_pipe() it is the desired behaviour since its 
userland part picks these values from %eax and %edx and stores them to 
appropriate locations. However, for pipe2() such behaviour is wrong for its 
userland part treats %eax as a return value, hence pipe2() normally returns 
non-zero thus confusing its callers.

The following patch fixes this:

diff -u -r1.22 sys_descrip.c
--- sys_descrip.c       26 Jun 2011 16:42:42 -0000      1.22
+++ sys_descrip.c       31 Oct 2011 15:10:41 -0000
@@ -759,5 +759,6 @@
                return error;
        fd[0] = retval[0];
        fd[1] = retval[1];
+       retval[0] = retval[1] = 0;
        return copyout(fd, SCARG(uap, fildes), sizeof(fd));
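
Review bot: on the final `return copyout(fd, SCARG(uap, fildes), sizeof(fd));` line, a failing copyout returns the error with both descriptors still allocated, and now that retval[] is zeroed the caller has no way left to learn their numbers, so nothing can close them. Consider checking the copyout result and closing fd[0] and fd[1] before returning the error. The added `retval[0] = retval[1] = 0;` line also deserves a short comment saying that pipe2() reports descriptors only through fildes and must return 0 in the return registers, so the clearing is not later removed as redundant.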
