RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 04:07:44 +00:00
Code Issues Activity Actions

Kernel: Make Region weakable and use WeakPtr<Region> instead of Region*

Browse source 
This turns use-after-free bugs into null pointer dereferences instead.
This commit is contained in:
Andreas Kling 2020-02-24 13:24:30 +01:00
parent 79576f9280
commit 30a8991dbf
5 changed files with 14 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Kernel/SharedBuffer.cpp
View file

@ -86,12 +86,13 @@ void* SharedBuffer::ref_for_process_and_get_address(Process& process)
for (auto& ref : m_refs) {
if (ref.pid == process.pid()) {
ref.count++;
m_total_refs++;
if (ref.region == nullptr) {
ref.region = process.allocate_region_with_vmobject(VirtualAddress(), size(), m_vmobject, 0, "SharedBuffer", PROT_READ | (m_writable ? PROT_WRITE : 0));
if (!ref.region) {
auto* region = process.allocate_region_with_vmobject(VirtualAddress(), size(), m_vmobject, 0, "SharedBuffer", PROT_READ | (m_writable ? PROT_WRITE : 0));
ref.region = region->make_weak_ptr();
ref.region->set_shared(true);
}
ref.count++;
m_total_refs++;
sanity_check("ref_for_process_and_get_address");
return ref.region->vaddr().as_ptr();
}