From jelal.hb.north.de!nox@deceased.hb.north.de  Sun Dec  3 17:51:05 1995
Received: from deceased.hb.north.de (deceased.hb.north.de [194.94.232.249])
          by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id RAA13675
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 3 Dec 1995 17:50:50 -0800
Received: from jelal.hb.north.de by deceased.hb.north.de with uucp
	(Smail3.1.29.1) id m0tMQ1R-000ZZ6C; Mon, 4 Dec 95 02:48 MET
Received: by jelal.hb.north.de (SMail-ST 0.95gcc/2.5+)
	id AA00063; Sun, 3 Dec 1995 19:11:10 +0100 (CET)
Received: (from nox@localhost) by saturn (8.6.11/8.6.9) id QAA01012; Sun, 3 Dec 2000 16:44:37 +0100
Message-Id: <200012031544.QAA01012@saturn>
Date: Sun, 3 Dec 1995 16:44:37 +0100
From: nox@jelal.hb.north.de
Reply-To: nox@jelal.hb.north.de
To: FreeBSD-gnats-submit@freebsd.org
Subject: bogus shmdt(2) call -> page fault
X-Send-Pr-Version: 3.2

>Number:         865
>Category:       kern
>Synopsis:       bogus shmdt(2) call can crash system
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec  3 18:00:08 PST 1995
>Closed-Date:    Sun Dec 3 18:29:53 PST 1995
>Last-Modified:  Sun Dec  3 18:30:12 PST 1995
>Originator:     Juergen Lock
>Release:        FreeBSD 2.0-BUILT-19950603 i386
>Organization:
Orga-what? :)
>Environment:

	2.1.0 kernel (rest partly 2.0.5...)

>Description:


>How-To-Repeat:

	#include <sys/shm.h>

	main () {
		shmdt(0);
	}

>Fix:
	
Index: sys/kern/sysv_shm.c
@@ -173,6 +173,8 @@
 	int i;
 
 	shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm;
+	if (shmmap_s == NULL)
+		return EINVAL;
 	for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
 		if (shmmap_s->shmid != -1 &&
 		    shmmap_s->va == (vm_offset_t)uap->shmaddr)
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: jkh 
State-Changed-When: Sun Dec 3 18:29:53 PST 1995 
State-Changed-Why:  
Fix applied. 
>Unformatted:
