svn commit: trunk/uClibc/librt

vapier at uclibc.org vapier at uclibc.org
Fri Feb 9 22:23:35 UTC 2007 

Author: vapier
Date: 2007-02-09 14:23:35 -0800 (Fri, 09 Feb 2007)
New Revision: 17847

Log:
Kay McCormick reports: when evp is NULL, it is reset too late and so can cause a crash when it is dereferenced

Modified:
   trunk/uClibc/librt/timer_create.c


Changeset:
Modified: trunk/uClibc/librt/timer_create.c
===================================================================
--- trunk/uClibc/librt/timer_create.c	2007-02-09 22:14:34 UTC (rev 17846)
+++ trunk/uClibc/librt/timer_create.c	2007-02-09 22:23:35 UTC (rev 17847)
@@ -26,9 +26,19 @@
 {
 	int retval;
 	kernel_timer_t ktimerid;
-	struct sigevent local_evp;
+	struct sigevent default_evp;
 	struct timer *newp;
 
+	if (evp == NULL) {
+		/*
+		 * The kernel has to pass up the timer ID which is a userlevel object.
+		 * Therefore we cannot leave it up to the kernel to determine it.
+		 */
+		default_evp.sigev_notify = SIGEV_SIGNAL;
+		default_evp.sigev_signo = SIGALRM;
+		evp = &default_evp;
+	}
+
 	/* Notification via a thread is not supported yet */
 	if (__builtin_expect(evp->sigev_notify == SIGEV_THREAD, 1))
 		return -1;
@@ -38,25 +48,14 @@
 	 * struct timer as a derived class with the first two elements
 	 * being in the superclass. We only need these two elements here.
 	 */
-	newp = (struct timer *)malloc(offsetof(struct timer, thrfunc));
+	newp = malloc(offsetof(struct timer, thrfunc));
 	if (newp == NULL)
 		return -1;	/* No memory */
+	default_evp.sigev_value.sival_ptr = newp;
 
-	if (evp == NULL) {
-		/*
-		 * The kernel has to pass up the timer ID which is a userlevel object.
-		 * Therefore we cannot leave it up to the kernel to determine it.
-		 */
-		local_evp.sigev_notify = SIGEV_SIGNAL;
-		local_evp.sigev_signo = SIGALRM;
-		local_evp.sigev_value.sival_ptr = newp;
-
-		evp = &local_evp;
-	}
-
 	retval = __syscall_timer_create(clock_id, evp, &ktimerid);
 	if (retval != -1) {
-		newp->sigev_notify = (evp != NULL ? evp->sigev_notify : SIGEV_SIGNAL);
+		newp->sigev_notify = evp->sigev_notify;
 		newp->ktimerid = ktimerid;
 
 		*timerid = (timer_t) newp;

More information about the uClibc-cvs mailing list