Modified: trunk/launchd/src/launchd_runtime.c (23030 => 23031)

--- trunk/launchd/src/launchd_runtime.c	2007-02-05 22:11:46 UTC (rev 23030)
+++ trunk/launchd/src/launchd_runtime.c	2007-02-06 17:50:05 UTC (rev 23031)
@@ -34,12 +34,14 @@
 #include <mach/host_info.h>
 #include <mach/mach_host.h>
 #include <mach/exception.h>
+#include <mach-o/dyld.h>
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/event.h>
 #include <sys/queue.h>
 #include <sys/socket.h>
 #include <bsm/libbsm.h>
+#include <malloc/malloc.h>
 #include <unistd.h>
 #include <pthread.h>
 #include <errno.h>
@@ -190,6 +192,36 @@
 	return NULL;
 }
 
+static bool
+ptr_is_in_exe(void *ptr)
+{
+	uint32_t i, count = _dyld_image_count();
+
+	for (i = 0; i < count; i++) {
+		const struct mach_header *header = _dyld_get_image_header(i);
+		uint32_t j, offset = _dyld_get_image_vmaddr_slide(i);
+		struct segment_command *seg;
+		struct load_command *cmd;
+
+		j = 0;
+		cmd = (struct load_command*)((char *)header + sizeof(struct mach_header));
+
+		while (j < header->ncmds) {
+			if (cmd->cmd == LC_SEGMENT) {
+				seg = (struct segment_command*)cmd;
+				if (((uint32_t)ptr >= (seg->vmaddr + offset)) && ((uint32_t)ptr < (seg->vmaddr + offset + seg->vmsize))) {
+					return true;
+				}
+			}
+
+			j++;
+			cmd = (struct load_command*)((char*)cmd + cmd->cmdsize);
+		}
+	}
+	
+	return false;
+}
+
 kern_return_t
 x_handle_kqueue(mach_port_t junk __attribute__((unused)), integer_t fd)
 {
@@ -200,7 +232,12 @@
 	launchd_assumes((kevr = kevent(fd, NULL, 0, &kev, 1, &ts)) != -1);
 
 	if (kevr == 1) {
-		(*((kq_callback *)kev.udata))(kev.udata, &kev);
+		if (launchd_assumes(malloc_size(kev.udata) || ptr_is_in_exe(kev.udata))) {
+			(*((kq_callback *)kev.udata))(kev.udata, &kev);
+		} else {
+			syslog(LOG_ERR, "kev.ident == 0x%x kev.filter == 0x%x kev.fflags = 0x%x kev.udata = 0x%x",
+					kev.ident, kev.filter, kev.fflags, kev.udata);
+		}
 	}
 
 	launchd_post_kevent();