From 1f78ddd5719d50d3af7140066316932ef00044cf Mon Sep 17 00:00:00 2001 From: Samuel Thibault Date: Sun, 28 Aug 2016 21:12:05 +0200 Subject: Fix exec crash when setexecdata has never been called or called with a small array. This notably happens when using a sub-exec, see BZ #48919. * exec/hashexec.c (check_hashbang): Check std_nports before accessing std_ports. --- exec/hashexec.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/exec/hashexec.c b/exec/hashexec.c index e53d2eea..6337f0a4 100644 --- a/exec/hashexec.c +++ b/exec/hashexec.c @@ -97,22 +97,24 @@ check_hashbang (struct execdata *e, mach_port_t port = ((which < nports && portarray[which] != MACH_PORT_NULL) ? portarray[which] : - (flags & EXEC_DEFAULTS) ? std_ports[which] - : MACH_PORT_NULL); + (flags & EXEC_DEFAULTS && which < std_nports) + ? std_ports[which] + : MACH_PORT_NULL); /* Reauthenticate dir ports if they are the defaults. */ switch (which) { case INIT_PORT_CRDIR: /* If secure, always use the default root. */ - if ((flags & EXEC_SECURE) || - port == std_ports[which]) + if ((which < std_nports && flags & EXEC_SECURE) || + (which < std_nports && port == std_ports[which])) return (reauthenticate (std_ports[which], &user_crdir) ?: (*operate) (user_crdir)); break; case INIT_PORT_CWDIR: /* If secure, reauthenticate cwd whether default or given. */ - if ((flags & EXEC_SECURE) || port == std_ports[which]) + if ((flags & EXEC_SECURE) || + (which < std_nports && port == std_ports[which])) return (reauthenticate (port, &user_cwdir) ?: (*operate) (user_cwdir)); break; -- cgit v1.2.3