summaryrefslogtreecommitdiff
path: root/libc/misc/sysvipc
diff options
context:
space:
mode:
Diffstat (limited to 'libc/misc/sysvipc')
-rw-r--r--libc/misc/sysvipc/msgq.c1
-rw-r--r--libc/misc/sysvipc/sem.c5
-rw-r--r--libc/misc/sysvipc/shm.c1
3 files changed, 6 insertions, 1 deletions
diff --git a/libc/misc/sysvipc/msgq.c b/libc/misc/sysvipc/msgq.c
index b61aaa55d..2d8bcae99 100644
--- a/libc/misc/sysvipc/msgq.c
+++ b/libc/misc/sysvipc/msgq.c
@@ -28,6 +28,7 @@ int msgctl(int msqid, int cmd, struct msqid_ds *buf)
int __ret = __libc_msgctl(msqid, cmd | __IPC_64, buf);
#if (__WORDSIZE == 32) && defined(__UCLIBC_USE_TIME64__) && (defined(__mips) || defined(__riscv))
union msqun arg = {.buff = buf};
+ // When cmd is IPC_RMID, buf should be NULL.
if (arg.__pad != NULL) {
arg.buff->msg_stime = (__time_t)arg.buff->msg_stime_internal_1 | (__time_t)(arg.buff->msg_stime_internal_2) << 32;
arg.buff->msg_rtime = (__time_t)arg.buff->msg_rtime_internal_1 | (__time_t)(arg.buff->msg_rtime_internal_2) << 32;
diff --git a/libc/misc/sysvipc/sem.c b/libc/misc/sysvipc/sem.c
index ec5c51490..66f86f53c 100644
--- a/libc/misc/sysvipc/sem.c
+++ b/libc/misc/sysvipc/sem.c
@@ -58,7 +58,10 @@ int semctl(int semid, int semnum, int cmd, ...)
#ifdef __NR_semctl
int __ret = __semctl(semid, semnum, cmd | __IPC_64, arg.__pad);
#if (__WORDSIZE == 32) && defined(__UCLIBC_USE_TIME64__)
- if (arg.__pad != NULL) {
+ // Only when cmd is IPC_STAT and IPC_SET, semun points to struct semid_ds.
+ // At this point, arg.__pad should not be NULL, but a check is added just
+ // to be safe.
+ if ((cmd & (IPC_STAT | IPC_SET)) && (arg.__pad != NULL)) {
arg.buf->sem_otime = (__time_t)arg.buf->__sem_otime_internal_1 | (__time_t)(arg.buf->__sem_otime_internal_2) << 32;
arg.buf->sem_ctime = (__time_t)arg.buf->__sem_ctime_internal_1 | (__time_t)(arg.buf->__sem_ctime_internal_2) << 32;
}
diff --git a/libc/misc/sysvipc/shm.c b/libc/misc/sysvipc/shm.c
index e4fd2ea7b..b3366b301 100644
--- a/libc/misc/sysvipc/shm.c
+++ b/libc/misc/sysvipc/shm.c
@@ -69,6 +69,7 @@ int shmctl(int shmid, int cmd, struct shmid_ds *buf)
int __ret = __syscall_shmctl(shmid, cmd | __IPC_64, buf);
#if (__WORDSIZE == 32) && defined(__mips) && defined(__UCLIBC_USE_TIME64__)
union shmun arg = {.buff = buf};
+ // When cmd is IPC_RMID, buf should be NULL.
if (arg.__pad != NULL) {
arg.buff->shm_atime = (__time_t)arg.buff->shm_atime_internal_1 | (__time_t)(arg.buff->shm_atime_internal_2) << 32;
arg.buff->shm_dtime = (__time_t)arg.buff->shm_dtime_internal_1 | (__time_t)(arg.buff->shm_dtime_internal_2) << 32;
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-17 15:46:05 +0000