[Bug 206396] Crash while concurrent POSIX semaphore access
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Jan 22 14:53:07 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206396
--- Comment #1 from commit-hook at freebsd.org ---
A commit references this bug:
Author: jilles
Date: Fri Jan 22 14:52:31 UTC 2016
New revision: 294565
URL: https://svnweb.freebsd.org/changeset/base/294565
Log:
sem: Don't free nameinfo that is still in list when open() fails.
This bug could be reproduced easily by calling sem_open() with O_CREAT |
O_EXCL on a semaphore that is already open in the process. The struct
sem_nameinfo would be freed while still in sem_list and later calls to
sem_open() or sem_close() could access freed memory.
PR: 206396
MFC after: 5 days
Changes:
head/lib/libc/gen/sem_new.c
head/tools/regression/posixsem2/semtest.c
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-amd64
mailing list