Allocate as much as is later read, didn't do harm though.

Further in the process the flat argument size is rounded up, but the
actual allocation was done with the unaligned size causing an access
beyond the allocation when later copying the flat arguments. It didn't
do any actual harm as the block sizes of our allocator(s) use elements
that have at least such an alignment.
Michael Lotz 2011-12-03 23:13:52 +01:00
parent b39f919dbf
commit e62d9911ea

@ -1378,7 +1378,7 @@ copy_user_process_args(const char* const* userFlatArgs, size_t flatArgsSize,
return B_BAD_ADDRESS;
// allocate kernel memory
char** flatArgs = (char**)malloc(flatArgsSize);
char** flatArgs = (char**)malloc(_ALIGN(flatArgsSize));
if (flatArgs == NULL)
return B_NO_MEMORY;
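Review bot: the rounding in `malloc(_ALIGN(flatArgsSize))` has to stay in step with the rounding the commit message says is applied further on, before the flat arguments are copied, and nothing in this hunk ties the two together. Consider computing the aligned size once into a local in copy_user_process_args() and using that same value for both the allocation and the later copy, so the two sizes cannot drift apart again. Because flatArgsSize arrives alongside a userland pointer (userFlatArgs), it is also worth confirming that it is bounded before this line so that the round-up cannot wrap to a small value; no such check is visible in this context. A short addition to the "// allocate kernel memory" comment saying why the size is rounded up would help the next reader.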