From owner-freebsd-bugs Fri Mar 22 12:35:08 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id MAA28120 for bugs-outgoing; Fri, 22 Mar 1996 12:35:08 -0800 (PST)
Received: from stef.prod.com (ad24-121.compuserve.com [199.174.166.121]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id MAA28102 for ; Fri, 22 Mar 1996 12:34:54 -0800 (PST)
Received: (from stef@localhost) by stef.prod.com (8.6.12/8.6.12) id PAA00509 for bugs@freebsd.org; Fri, 22 Mar 1996 15:33:06 -0500
Date: Fri, 22 Mar 1996 15:33:06 -0500
From: Stephane Russell
Message-Id: <199603222033.PAA00509@stef.prod.com>
Apparently-To: bugs@freebsd.org
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

BUG REPORT
----------

- File: src/gnu/usr.bin/ld/rtld.c
- Function: unmaphints

The function maphints maps the hint file two times if the size of the hint
file is bigger than PAGSIZ:

>	hsize = PAGSIZ;
>	addr = mmap(0, hsize, PROT_READ, MAP_COPY, hfd, 0);

then

>	if (hheader->hh_ehints > hsize) {
>		if (mmap(addr+hsize, hheader->hh_ehints - hsize,
>				PROT_READ, MAP_COPY|MAP_FIXED,
>				hfd, hsize) != (caddr_t)(addr+hsize)) {
>
>			munmap((caddr_t)hheader, hsize);
>			close(hfd);
>			hheader = (struct hints_header *)-1;
>			return;
>		}

The function unmaphints forgets to unmap the second part, if necessary:

> static void
> unmaphints()
> {
>
>	if (HINTS_VALID) {
>		munmap((caddr_t)hheader, hsize);
>		close(hfd);
>		hheader = NULL;
>	}
> }

As you can see, if the hint file grows bigger than PAGSIZ, this can lead to
problems.

Stef
102556,543@compuserve.com

Note: There is probably no e-mail address indicated on top of the letter. If
you need to communicate with me, use the address just above this note.
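
The mismatch reported above can be reproduced outside the runtime linker. The following is an added example, not code from rtld.c or from the report: it maps a constructed three-page temporary file in two steps and then checks with msync() whether the second mapping is still present after each style of unmap. The names hmap, map_two_steps and tail_leaked are hypothetical, and unlike the quoted code it reserves the full address range before using MAP_FIXED.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical stand-in for rtld's hheader/hsize state (names are not from rtld.c). */
struct hmap { char *addr; size_t first, total; };

/* Map a constructed 3-page temp file in two steps, the way maphints does. */
static int map_two_steps(struct hmap *m)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    char path[] = "/tmp/hintsXXXXXX";
    int fd = mkstemp(path);
    if (fd == -1) return -1;
    unlink(path);
    m->first = pg; m->total = 3 * pg;
    if (ftruncate(fd, (off_t)m->total) == -1) { close(fd); return -1; }
    /* Reserve the whole range first so MAP_FIXED only replaces our own pages. */
    m->addr = mmap(NULL, m->total, PROT_NONE, MAP_PRIVATE, fd, 0);
    if (m->addr == MAP_FAILED) { close(fd); return -1; }
    void *a = mmap(m->addr, pg, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, 0);
    void *b = mmap(m->addr + pg, 2 * pg, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, (off_t)pg);
    close(fd);
    if (a == MAP_FAILED || b == MAP_FAILED) { munmap(m->addr, m->total); return -1; }
    return 0;
}

/* Returns 1 if the second mapping survives the unmap, 0 if not, -1 on setup error. */
static int tail_leaked(int fixed)
{
    struct hmap m;
    if (map_two_steps(&m) != 0) return -1;
    /* fixed == 0 releases only the first page, as unmaphints does in the report. */
    munmap(m.addr, fixed ? m.total : m.first);
    char *tail = m.addr + m.first;
    size_t len = m.total - m.first;
    /* msync() fails with ENOMEM when the range is no longer mapped. */
    int leaked = !(msync(tail, len, MS_ASYNC) == -1 && errno == ENOMEM);
    if (leaked) munmap(tail, len);
    return leaked;
}

int main(void)
{
    printf("tail leaked: first-page unmap=%d, full unmap=%d\n", tail_leaked(0), tail_leaked(1));
    return 0;
}
```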