[haiku-commits] BRANCH xyzzy-github.x86_64 - src/system/kernel/vm

  • From: xyzzy-github.x86_64 <community@xxxxxxxxxxxx>
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Tue, 14 Aug 2012 19:49:17 +0200 (CEST)

added 1 changeset to branch 'refs/remotes/xyzzy-github/x86_64'
old head: a53cfbf4911ef182672f5a37779a047cfa971221
new head: 4efc3430a040f033cdda576d1b32a762252afc24

----------------------------------------------------------------------------

4efc343: Fixed possible NULL dereference in vm_page_fault.
  
  This bug was introduced by changing IS_USER_ADDRESS to check against
  USER_BASE AND USER_TOP rather than just !IS_KERNEL_ADDRESS. Faults
  on addresses outside both the user and kernel address spaces (i.e. the
  gap between user and kernel) would result in addressSpace being NULL,
  but addressSpace was being used without checking for NULL at one point.

                                      [ Alex Smith <alex@xxxxxxxxxxxxxxxx> ]

----------------------------------------------------------------------------

Commit:      4efc3430a040f033cdda576d1b32a762252afc24

Author:      Alex Smith <alex@xxxxxxxxxxxxxxxx>
Date:        Tue Aug 14 16:46:09 2012 UTC

----------------------------------------------------------------------------

1 file changed, 7 insertions(+), 4 deletions(-)
src/system/kernel/vm/vm.cpp |   11 +++++++----

----------------------------------------------------------------------------

diff --git a/src/system/kernel/vm/vm.cpp b/src/system/kernel/vm/vm.cpp
index 79eeb71..1559491 100644
--- a/src/system/kernel/vm/vm.cpp
+++ b/src/system/kernel/vm/vm.cpp
@@ -4058,11 +4058,13 @@ vm_page_fault(addr_t address, addr_t faultAddress, bool 
isWrite, bool isUser,
                        }
                } else {
 #if 1
-                       addressSpace->ReadLock();
-
                        // TODO: remove me once we have proper userland 
debugging support
                        // (and tools)
-                       VMArea* area = addressSpace->LookupArea(faultAddress);
+                       VMArea* area = NULL;
+                       if (addressSpace != NULL) {
+                               addressSpace->ReadLock();
+                               area = addressSpace->LookupArea(faultAddress);
+                       }
 
                        Thread* thread = thread_get_current_thread();
                        dprintf("vm_page_fault: thread \"%s\" (%" B_PRId32 ") 
in team "
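Review bot: the new `if (addressSpace != NULL)` guard around `ReadLock()` and `LookupArea()` closes the dereference but carries no comment on why `addressSpace` can be NULL at this point; the commit message gives the reason (a fault on an address in the gap between the user and kernel address spaces after the IS_USER_ADDRESS change), and that rationale should sit beside the guard so a later cleanup does not fold it back. It is also worth confirming that the code following this hunk, starting with the `dprintf` of the faulting thread, copes with `area == NULL` combined with a NULL address space, since that combination now falls through to the debug output where it previously crashed on the lock.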
@@ -4127,7 +4129,8 @@ vm_page_fault(addr_t address, addr_t faultAddress, bool 
isWrite, bool isUser,
                        }
 #      endif   // 0 (stack trace)
 
-                       addressSpace->ReadUnlock();
+                       if (addressSpace != NULL)
+                               addressSpace->ReadUnlock();
 #endif
 
                        // If the thread has a signal handler for SIGSEGV, we 
simply
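Review bot: the `if (addressSpace != NULL)` check before `ReadUnlock()` is a second, independent NULL test that must agree with the one guarding `ReadLock()` in the earlier hunk, and the two are separated by the whole debug-output block including the `#if 0` stack-trace section under `#      endif   // 0 (stack trace)`; that is correct today only because `addressSpace` is not reassigned in between. A single local set where the lock is taken (for example `bool locked = addressSpace != NULL;`) and tested here, or an `AutoLocker`-style guard scoped to the block, would tie lock and unlock to one condition and make the pairing robust against future edits between the two hunks.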

