Date: Thu, 29 Dec 2011 06:20:36 +0100
From: m...@netbsd.org (Emmanuel Dreyfus)
I can reliably crash the latest netbsd-5 kernel with an unprivileged
ktrace -p on a nonexistent process...
What prevents ktrace_common from returning -- and sys_ktrace from
subsequently fd_aborting the file
Isn't this caused by uninitialised pointer accesses in sys_ktrace()?
if (KTROP(SCARG(uap, ops)) != KTROP_CLEAR) {
... code to init fp ...
}
error = ktrace_common(l, SCARG(uap, ops), SCARG(uap, facs),
SCARG(uap, pid), fp);
if (fp != NULL) {
On Thu, Dec 29, 2011 at 8:26 AM, matthew sporleder msporle...@gmail.com wrote:
On Thu, Dec 29, 2011 at 12:20 AM, Emmanuel Dreyfus m...@netbsd.org wrote:
Hello
I can reliably crash the latest netbsd-5 kernel with an unprivileged
ktrace -p on a nonexistent process:
$ ktrace -p 666
panic:
Ignore the previous:
Either way, fp is garbage on the stack at this point if not
KTROP_CLEAR. The uses in ktrace_common() won't fault, but the
fd_abort()s will (which is where we see the panic).
Can people see if this works OK if fp is initialised to NULL?
(either at the top of the
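Added illustration of the fix discussed in the thread (this is not NetBSD's sys_ktrace() and not code from any poster): a syscall-shaped function whose file pointer is only assigned on the non-KTROP_CLEAR path, with fp initialised to NULL up front so the `if (fp != NULL)` cleanup test is well defined on every path. The names open_trace_file(), abort_trace_file(), trace_common() and trace_syscall_fixed() are hypothetical stand-ins for fd_allocfile()/fd_abort()/ktrace_common(), and the "pids 1..100 exist" rule is a constructed stub so the code runs without a kernel. The counters let a caller confirm that the cleanup runs only when a file was actually opened and the trace request then failed.

```c
#include <stddef.h>
#include <errno.h>

/* Constructed stand-ins for the ktrace operation codes. */
#define KTROP_CLEAR 0
#define KTROP_SET   1

struct file { int in_use; };

/* Counters so a caller can check which path ran (no kernel state to inspect). */
static int open_calls;
static int abort_calls;

/* One static file object stands in for the fd table. */
static struct file file_pool;

/* Stand-in for fd_allocfile(): hand out the pooled file and record the call. */
static int open_trace_file(struct file **fpp)
{
    file_pool.in_use = 1;
    open_calls++;
    *fpp = &file_pool;
    return 0;
}

/* Stand-in for fd_abort() on the error path: release the file. */
static void abort_trace_file(struct file *fp)
{
    abort_calls++;
    fp->in_use = 0;
}

/* Stand-in for ktrace_common(): fails with ESRCH for a pid that does not exist.
 * Constructed rule: only pids 1..100 "exist" in this toy. */
static int trace_common(int pid, struct file *fp)
{
    (void)fp;
    if (pid < 1 || pid > 100)
        return ESRCH;
    return 0;
}

/* Hardened shape of the syscall body. Without the "= NULL" initialiser the
 * KTROP_CLEAR path would leave fp holding whatever was on the stack, and the
 * cleanup test below would dereference that stale value. */
int trace_syscall_fixed(int ops, int pid)
{
    struct file *fp = NULL;     /* the one-line fix the thread proposes */
    int error;

    if (ops != KTROP_CLEAR) {
        error = open_trace_file(&fp);
        if (error != 0)
            return error;
    }
    error = trace_common(pid, fp);
    if (fp != NULL && error != 0)
        abort_trace_file(fp);   /* only reached when a file was really opened */
    return error;
}

void reset_counters(void) { open_calls = abort_calls = 0; }
int get_open_calls(void) { return open_calls; }
int get_abort_calls(void) { return abort_calls; }
```

Calling trace_syscall_fixed(KTROP_CLEAR, 666) takes the path that never assigns fp: with the initialiser it returns ESRCH and touches no file, which is exactly the case that panicked in the report. With KTROP_SET and the same bad pid, the file is opened and then released once; with an existing pid it is opened and kept.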