authorKyle Evans <kevans@FreeBSD.org>2020-06-12 18:13:32 +0000
committerKyle Evans <kevans@FreeBSD.org>2020-06-12 18:13:32 +0000
commitebff66b3c3314b29a295f6ea6276e74cec47c841 (patch)
treeab8154efd0da7993c278a9f16cb24f0067427d9b
parent13dca1937fd7407b09c71ac76f223afa24dab91d (diff)
Notes
-rw-r--r--lib/libc/gen/posix_spawn.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/libc/gen/posix_spawn.c b/lib/libc/gen/posix_spawn.c
index 581d057c82ed..0bca52811e30 100644
--- a/lib/libc/gen/posix_spawn.c
+++ b/lib/libc/gen/posix_spawn.c
@@ -276,9 +276,19 @@ do_posix_spawn(pid_t *pid, const char *path,
stacksz += MAX(3, cnt + 2) * sizeof(char *);
stacksz = PSPAWN_STACK_ALIGN(stacksz);
}
- stack = aligned_alloc(PSPAWN_STACK_ALIGNMENT, stacksz);
+
+ /*
+ * aligned_alloc is not safe to use here, because we can't guarantee
+ * that aligned_alloc and free will be provided by the same
+ * implementation. We've actively hit at least one application that
+ * will provide its own malloc/free but not aligned_alloc leading to
+ * a free by the wrong allocator.
+ */
+ stack = malloc(stacksz);
if (stack == NULL)
return (ENOMEM);
+ stacksz = (((uintptr_t)stack + stacksz) & ~PSPAWN_STACK_ALIGNBYTES) -
+ (uintptr_t)stack;
#endif
psa.path = path;
psa.fa = fa;
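Review bot: The realignment `stacksz = (((uintptr_t)stack + stacksz) & ~PSPAWN_STACK_ALIGNBYTES) - (uintptr_t)stack;` rounds the top of the buffer down, so whenever malloc() returns a base that is not already stack-aligned the usable size drops below the value computed above, by up to PSPAWN_STACK_ALIGNBYTES. An application-supplied malloc, which is the case the new comment describes, is where that alignment is least guaranteed. Requesting the slack up front keeps the computed size a true minimum: `stack = malloc(stacksz + PSPAWN_STACK_ALIGNBYTES);` with the rounding then applied to `(uintptr_t)stack + stacksz + PSPAWN_STACK_ALIGNBYTES`. A short comment on the rounding line would also help, for example `/* Round the stack top down; malloc() does not promise PSPAWN_STACK_ALIGNMENT. */`. do_posix_spawn begins and ends outside this hunk, so how stack and stacksz are consumed afterwards is inferred rather than visible here.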