prevent shmget from allocating objects that overflow ptrdiff_t

rather than returning an error, we have to increase the size argument so high that the kernel will have no choice but to fail. this is because POSIX only permits the EINVAL error for size errors when a new shared memory segment would be created; if it already exists, the size argument must be ignored. unfortunately Linux is non-conforming in this regard, but I want to keep the code correct in userspace anyway so that if/when Linux is fixed, the behavior applications see will be conforming.
author: Rich Felker <dalias@aerifal.cx> 2013-06-29 00:02:38 -0400
committer: Rich Felker <dalias@aerifal.cx> 2013-06-29 00:02:38 -0400
commit: 17aef0b41e3d7cb37c476cbe2df26fc444518a64 (patch)
tree: c72587f4b27cab646b00c9953e0ae9a1b180b202 /src/ipc
parent: 062f40ef3e56021f4a9902095867e35cce6d99c4 (diff)
download: musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.tar.gz
musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.tar.xz
musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/ipc/shmget.c b/src/ipc/shmget.c
index 61fb11d9..b44f9d68 100644
--- a/src/ipc/shmget.c
+++ b/src/ipc/shmget.c
@@ -1,9 +1,11 @@
 #include <sys/shm.h>
+#include <stdint.h>
 #include "syscall.h"
 #include "ipc.h"
 
 int shmget(key_t key, size_t size, int flag)
 {
+	if (size > PTRDIFF_MAX) size = SIZE_MAX;
 #ifdef SYS_shmget
 	return syscall(SYS_shmget, key, size, flag);
 #else
author	Rich Felker <dalias@aerifal.cx>	2013-06-29 00:02:38 -0400
committer	Rich Felker <dalias@aerifal.cx>	2013-06-29 00:02:38 -0400
commit	17aef0b41e3d7cb37c476cbe2df26fc444518a64 (patch)
tree	c72587f4b27cab646b00c9953e0ae9a1b180b202 /src/ipc
parent	062f40ef3e56021f4a9902095867e35cce6d99c4 (diff)
download	musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.tar.gz musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.tar.xz musl-17aef0b41e3d7cb37c476cbe2df26fc444518a64.zip