ipc: set msg back to -EAGAIN if copy wasn't performed

Make sure that msg pointer is set back to error value in case of MSG_COPY flag is set and desired message to copy wasn't found. This garantees that msg is either a error pointer or a copy address. Otherwise the last message in queue will be freed without unlinking from the queue (which leads to memory corruption) and the dummy allocated copy won't be released. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Stanislav Kinsbursky <skinsbursky@parallels.com> 2013-04-01 11:40:51 +0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-04-02 10:09:01 -0700
commit: 2dc958fa2fe6987e7ab106bd97029a09a82fcd8d (patch)
tree: c260602e6d7233a0e05f252c0dfcb4dae587b9d2 /ipc/msg.c
parent: 118c9a45fdacc6fe57910fa1d048e2d5bbc193f4 (diff)
download: linux-2dc958fa2fe6987e7ab106bd97029a09a82fcd8d.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/ipc/msg.c b/ipc/msg.c
index 31cd1bf6af27..fede1d06ef30 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -872,6 +872,7 @@ long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp,
 							goto out_unlock;
 						break;
 					}
+					msg = ERR_PTR(-EAGAIN);
 				} else
 					break;
 				msg_counter++;
author	Stanislav Kinsbursky <skinsbursky@parallels.com>	2013-04-01 11:40:51 +0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-04-02 10:09:01 -0700
commit	2dc958fa2fe6987e7ab106bd97029a09a82fcd8d (patch)
tree	c260602e6d7233a0e05f252c0dfcb4dae587b9d2 /ipc/msg.c
parent	118c9a45fdacc6fe57910fa1d048e2d5bbc193f4 (diff)
download	linux-2dc958fa2fe6987e7ab106bd97029a09a82fcd8d.tar.gz