Project

General

Profile

Actions

Bug #2009

closed

POSIX message queue malloc zone overflow

Added by vsrinivas almost 14 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

#include <sys/types.h>
#include <mqueue.h>

int main() {
int i;
static struct mq_attr attr;
attr.mq_maxmsg=31;
attr.mq_msgsize=128;
char nam300 = {};
int pidr;

for (i = 0; i < 128; i++) {
pidr = fork();
if(pidr == 0)
goto co;
}

co:
for (i = 0; i < 900; i++) {
sprintf(nam, "%d-%228d", i,getpid());
mq_unlink(nam);
if (mq_open(nam, O_RDWR|O_CREAT|O_EXCL, 0777, &attr) == -1)
break;
}

pause();
}

-------------------
The above program will hit a panic on a malloc zone overflow in sys_mqueue.c.

Actions

Also available in: Atom PDF