From 2b7e3753ecbba3ada2572a2a7038b11cfd1f0bd3 Mon Sep 17 00:00:00 2001 From: Zbigniew Chyla Date: Fri, 24 Apr 2015 17:55:00 +0200 Subject: Use correct size of segment for shared-mem export The gpsd exports data to clients via shared-memory using struct shmexport_t, which contains both a copy of struct gps_data_t and additional fields. However, when allocating shared memory via shmget(), it was passing sizeof(struct gps_data_t) as size of the whole segment. The bug may cause gpsd crash in case the size of gps_data_t is equal to or slightly smaller than a multiple of PAGE_SIZE. --- shmexport.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'shmexport.c') diff --git a/shmexport.c b/shmexport.c index bd118c9a..a69e6cb1 100644 --- a/shmexport.c +++ b/shmexport.c @@ -36,19 +36,19 @@ bool shm_acquire(struct gps_context_t *context) { long shmkey = getenv("GPSD_SHM_KEY") ? strtol(getenv("GPSD_SHM_KEY"), NULL, 0) : GPSD_SHM_KEY; - int shmid = shmget((key_t)shmkey, sizeof(struct gps_data_t), (int)(IPC_CREAT|0666)); + int shmid = shmget((key_t)shmkey, sizeof(struct shmexport_t), (int)(IPC_CREAT|0666)); if (shmid == -1) { gpsd_log(&context->errout, LOG_ERROR, "shmget(0x%lx, %zd, 0666) for SHM export failed: %s\n", shmkey, - sizeof(struct gps_data_t), + sizeof(struct shmexport_t), strerror(errno)); return false; } else gpsd_log(&context->errout, LOG_PROG, "shmget(0x%lx, %zd, 0666) for SHM export succeeded\n", shmkey, - sizeof(struct gps_data_t)); + sizeof(struct shmexport_t)); context->shmexport = (void *)shmat(shmid, 0, 0); if ((int)(long)context->shmexport == -1) { -- cgit v1.2.1