git.ipfire.org Git - thirdparty/systemd.git/commitdiff
Never call unmap with MAP_FAILED. (#5590)
author Tobias Stoeckmann <stoeckmann@users.noreply.github.com>
Tue, 14 Mar 2017 21:33:22 +0000 (22:33 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 14 Mar 2017 21:33:22 +0000 (17:33 -0400)
When mmap is called, the code in correctly checks for p == MAP_FAILED.

But the resource cleanup at the end of busname_peek_message checks for
p == NULL, and if that's not true, munmap is called.

Therefore in error case, munmap is called with a MAP_FAILED argument
which can result in unexpected behaviour depending on sz's value.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
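
The cleanup pattern this commit message describes, reduced to a stand-alone example that is added here and is not systemd code. The helper names `sum_mapped` and `demo_sum` and the temporary-file input are constructed for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper (not systemd code): map the first sz bytes of fd
 * read-only and return the sum of those bytes, or a negative errno value. */
static long sum_mapped(int fd, size_t sz) {
        void *p = MAP_FAILED;   /* sentinel equals mmap()'s failure value */
        long r;

        if (fd < 0) {
                r = -EBADF;
                goto finish;    /* reaches cleanup before mmap() was tried */
        }

        p = mmap(NULL, sz, PROT_READ, MAP_PRIVATE, fd, 0);
        if (p == MAP_FAILED) {  /* e.g. sz == 0 fails with EINVAL on Linux */
                r = -errno;
                goto finish;
        }

        r = 0;
        for (size_t i = 0; i < sz; i++)
                r += ((const unsigned char *) p)[i];

finish:
        /* A NULL test would be true for MAP_FAILED ((void *) -1) and unmap it. */
        if (p != MAP_FAILED)
                (void) munmap(p, sz);
        return r;
}

/* Constructed input: an unlinked temporary file holding the bytes 1, 2, 3. */
static long demo_sum(size_t sz) {
        char path[] = "/tmp/mapdemoXXXXXX";
        const unsigned char data[] = { 1, 2, 3 };
        int fd = mkstemp(path);
        long r;

        if (fd < 0)
                return -errno;
        unlink(path);
        r = write(fd, data, sizeof data) == (ssize_t) sizeof data ? sum_mapped(fd, sz) : -EIO;
        close(fd);
        return r;
}

int main(void) { return demo_sum(3) == 6 ? 0 : 1; }
```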
src/core/busname.c

index 88b758eecbe086fb5ae97b07353224d86aca52f9..955f6f88d86c07b86370a5ad02bfe50eefd6e0fd 100644 (file)
@@ -764,7 +764,7 @@ static int busname_peek_message(BusName *n) {
         struct kdbus_item *d;
         struct kdbus_msg *k;
         size_t start, ps, sz, delta;
-        void *p = NULL;
+        void *p = MAP_FAILED;
         pid_t pid = 0;
         int r;
 
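Review bot: `sz` on the declaration line directly above the changed initializer is still uninitialised, so the later `munmap(p, sz)` is safe only as long as `sz` is assigned before `p` can leave `MAP_FAILED`. Consider initialising `sz` to 0 here, or adding a short comment next to `void *p = MAP_FAILED;` saying that `p` holds the mmap() result and is paired with `sz`, so a later refactor does not reorder the two assignments.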
@@ -825,7 +825,7 @@ static int busname_peek_message(BusName *n) {
         r = 0;
 
 finish:
-        if (p)
+        if (p != MAP_FAILED)
                 (void) munmap(p, sz);
 
         cmd_free.offset = cmd_recv.msg.offset;
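Review bot: the new `if (p != MAP_FAILED)` test at `finish:` is correct only while `MAP_FAILED` is the single "nothing mapped" value for `p`. If any line outside these two hunks still assigns `NULL` to `p` or compares it against `NULL`, that path would now reach `munmap(NULL, sz)`, so it is worth confirming that no such use remains in busname_peek_message before merging.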