User: | Jiri Slaby |
Error type: | Invalid Pointer Dereference |
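Error type description: | An invalid pointer is being dereferenced. The flagged line 1786 reads helper_argv[0]; the listing shows no NULL check on the argv_split() result assigned at line 1781, which appears to be what the checker reports. |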
File location: | fs/exec.c |
Line in file: | 1786 |
Project: | Linux Kernel |
Project version: | 2.6.28 |
Tools: | Smatch (1.59) |
Entered: | 2013-09-10 07:54:05 UTC |
1756 /* 1757 * Clear any false indication of pending signals that might 1758 * be seen by the filesystem code called to write the core file. 1759 */ 1760 clear_thread_flag(TIF_SIGPENDING); 1761 1762 /* 1763 * lock_kernel() because format_corename() is controlled by sysctl, which 1764 * uses lock_kernel() 1765 */ 1766 lock_kernel(); 1767 ispipe = format_corename(corename, signr); 1768 unlock_kernel(); 1769 /* 1770 * Don't bother to check the RLIMIT_CORE value if core_pattern points 1771 * to a pipe. Since we're not writing directly to the filesystem 1772 * RLIMIT_CORE doesn't really apply, as no actual core file will be 1773 * created unless the pipe reader choses to write out the core file 1774 * at which point file size limits and permissions will be imposed 1775 * as it does with any other process 1776 */ 1777 if ((!ispipe) && (core_limit < binfmt->min_coredump)) 1778 goto fail_unlock; 1779 1780 if (ispipe) { 1781 helper_argv = argv_split(GFP_KERNEL, corename+1, &helper_argc); 1782 /* Terminate the string before the first option */ 1783 delimit = strchr(corename, ' '); 1784 if (delimit) 1785 *delimit = '\0'; 1786 delimit = strrchr(helper_argv[0], '/'); 1787 if (delimit) 1788 delimit++; 1789 else 1790 delimit = helper_argv[0]; 1791 if (!strcmp(delimit, current->comm)) { 1792 printk(KERN_NOTICE "Recursive core dump detected, " 1793 "aborting\n"); 1794 goto fail_unlock; 1795 } 1796