fork.c: fix NULL pointer dereference when nr_threads == threads-max
I happened to fork lots of processes, and hit a NULL pointer dereference.
It is because in copy_process(), after checking max_threads, 0 is returned
instead of -EAGAIN.

The bug is introduced by "CRED: Detach the credentials from task_struct"
(commit f1752ee).

Signed-off-by: Li Zefan <[email protected]>
Signed-off-by: David Howells <[email protected]>
Acked-by: James Morris <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Li Zefan authored and torvalds committed Feb 6, 2009
1 parent b2a740a commit 04ec93f
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions kernel/fork.c
Expand Up @@ -1005,6 +1005,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
* triggers too late. This doesn't hurt, the check is only there
* to stop root fork bombs.
*/
retval = -EAGAIN;
if (nr_threads >= max_threads)
goto bad_fork_cleanup_count;
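Review bot: the added `retval = -EAGAIN;` directly before `if (nr_threads >= max_threads)` is what the failure path depends on, because `goto bad_fork_cleanup_count` does not set an error code of its own; if retval still holds 0 from the preceding successful call, copy_process() ends up returning ERR_PTR(0), which is NULL and is not recognised as an error by the caller, matching the crash described in the commit message. Since the commit message says this assignment was lost in an earlier refactor (commit f1752ee), consider adding a short comment above it, e.g. "retval must be non-zero here: the cleanup label returns ERR_PTR(retval)", so the next reshuffle of this block does not drop it again.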

