diff options
Diffstat (limited to 'src/ipc')
| -rw-r--r-- | src/ipc/semget.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/ipc/semget.c b/src/ipc/semget.c index 5f110e3b..c4a559db 100644 --- a/src/ipc/semget.c +++ b/src/ipc/semget.c @@ -1,9 +1,16 @@ #include <sys/sem.h> +#include <limits.h> +#include <errno.h> #include "syscall.h" #include "ipc.h" int semget(key_t key, int n, int fl) { + /* The kernel uses the wrong type for the sem_nsems member + * of struct semid_ds, and thus might not check that the + * n fits in the correct (per POSIX) userspace type, so + * we have to check here. */ + if (n > USHRT_MAX) return __syscall_ret(-EINVAL); #ifdef SYS_semget return syscall(SYS_semget, key, n, fl); #else |