From a9791e12852a23c762d42aaafa55473cf4a5ed20 Mon Sep 17 00:00:00 2001 From: Ethan Date: Wed, 10 Nov 2010 07:56:10 +0800 Subject: [PATCH] [PATCH] Init - make sure the last parameter to execve is NULL We alloc exactly the number of parameters in parse_line_action. When these parameters are for execve, which request the argv terminated by a NULL, it may fail randomly, depends on what is there after the end of the buffer we allocated Extend the buffer to hold one more pointer, and make sure it is NULL to fix this bug. Change-Id: I180df8be3502f51f81a6abb6ebf5c156eb59c9fc Signed-off-by: Ethan --- init/parser.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/init/parser.c b/init/parser.c index 7da0d1944..ca03da971 100644 --- a/init/parser.c +++ b/init/parser.c @@ -800,6 +800,7 @@ static void parse_line_action(struct parse_state* state, int nargs, char **args) struct action *act = state->context; int (*func)(int nargs, char **args); int kw, n; + int alloc_size = 0; if (nargs == 0) { return; @@ -817,7 +818,14 @@ static void parse_line_action(struct parse_state* state, int nargs, char **args) n > 2 ? "arguments" : "argument"); return; } - cmd = malloc(sizeof(*cmd) + sizeof(char*) * nargs); + alloc_size = sizeof(*cmd) + sizeof(char*) * (nargs + 1); + cmd = malloc(alloc_size); + if (!cmd) { + parse_error(state, "malloc failed\n"); + return; + } + + memset((char *)cmd, 0, alloc_size); cmd->func = kw_func(kw); cmd->nargs = nargs; memcpy(cmd->args, args, sizeof(char*) * nargs);