ipc: set msg back to -EAGAIN if copy wasn't performed

Make sure that msg pointer is set back to error value in case of MSG_COPY flag is set and desired message to copy wasn't found. This garantees that msg is either a error pointer or a copy address. Otherwise the last message in queue will be freed without unlinking from the queue (which leads to memory corruption) and the dummy allocated copy won't be released. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-04-01 11:40:51 +04:00 · 2013-04-01 11:40:51 +04:00 · 2dc958fa2f
--- a/ipc/msg.c
+++ b/ipc/msg.c
@ -872,6 +872,7 @@ long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp,
 							goto out_unlock;
 						break;
 					}
+					msg = ERR_PTR(-EAGAIN);
 				} else
 					break;
 				msg_counter++;