From 1b67c1b1534c00cbcd222e87fa807eaef6efa172 Mon Sep 17 00:00:00 2001
From: 4qwerty7 <4qwerty7@163.com>
Date: Tue, 24 Oct 2023 07:00:52 +0800
Subject: [PATCH] kernel: fix null pointer dereference for some case (#1075)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

在 #973 __never_use_envp 被改名为 envp 并使用。
这导致 GKI 版本一旦代码运行到 [213](https://github.com/tiann/KernelSU/blob/344c08bb79ba12b692016750cda363f9f3500182/kernel/ksud.c#L213) 行(或许只有 WSA 等类似情况会跑到这?),就会触发一个空指针解引用。
此PR意在修复此问题,且已在WSA上测试。
---
 kernel/ksud.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/kernel/ksud.c b/kernel/ksud.c
index 0be30ef9..d571ef09 100644
--- a/kernel/ksud.c
+++ b/kernel/ksud.c
@@ -138,9 +138,9 @@ static int __maybe_unused count(struct user_arg_ptr argv, int max)
 return i;
 }
 
-// the call from execve_handler_pre won't provided correct value for __never_use_argument, use them after fix execve_handler_pre, keeping them for consistence for manually patched code
+// IMPORTANT NOTE: the call from execve_handler_pre WON'T provided correct value for envp and flags in GKI version
 int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
- struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *__never_use_flags)
+ struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags)
 {
 #ifndef CONFIG_KPROBES
 if (!ksu_execveat_hook) {
@@ -167,7 +167,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
 }
 
 if (unlikely(!memcmp(filename->name, system_bin_init,
- sizeof(system_bin_init) - 1))) {
+ sizeof(system_bin_init) - 1) && argv)) {
 // /system/bin/init executed
 int argc = count(*argv, MAX_ARG_STRINGS);
 pr_info("/system/bin/init argc: %d\n", argc);
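Review bot: The rewritten header comment names only envp and flags as unreliable in the GKI build, yet the two hunks that follow add NULL guards on argv as well, so a reader of this signature still cannot tell which of the caller-supplied pointers may be NULL; that is exactly the information the next caller needs to avoid repeating the dereference this patch fixes. Suggested wording: `// IMPORTANT NOTE: on GKI the execve_handler_pre path cannot supply correct envp or flags, and argv may also be NULL; check every caller-provided pointer before dereferencing it.` The phrase `WON'T provided` should read `won't provide`. The body of ksu_handle_execveat_ksud continues past the hunk, so whether the renamed flags parameter is now actually read cannot be confirmed from here.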
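Review bot: The `&& argv` appended inside `unlikely(...)` after the memcmp reads as part of the name comparison rather than as the NULL guard it is, and the same shape is used for the `old_system_init` branch in the next hunk. Putting the guard first keeps the branch hint on the comparison alone and makes the precondition obvious: `if (argv && unlikely(!memcmp(filename->name, system_bin_init, sizeof(system_bin_init) - 1))) {`. Note also that when argv is NULL the exec of init now apparently falls through the else-if chain with no log, so the hook's inability to inspect arguments is invisible in dmesg; a `pr_warn("init exec seen but argv unavailable\n")` on that path would make the degraded state observable. The if/else-if chain and the enclosing function extend beyond the hunk.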
@@ -188,7 +188,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
 }
 }
 } else if (unlikely(!memcmp(filename->name, old_system_init,
- sizeof(old_system_init) - 1))) {
+ sizeof(old_system_init) - 1) && argv)) {
 // /init executed
 int argc = count(*argv, MAX_ARG_STRINGS);
 pr_info("/init argc: %d\n", argc);
@@ -208,7 +208,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
 } else {
 pr_err("/init parse args err!\n");
 }
- } else if (argc == 1 && !init_second_stage_executed) {
+ } else if (argc == 1 && !init_second_stage_executed && envp) {
 /* This applies to versions between Android 8 ~ 9 */
 int envc = count(*envp, MAX_ARG_STRINGS);
 if (envc > 0) {
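Review bot: The `&& envp` guard silently disables the Android 8~9 second-stage detection whenever envp is NULL, which the new header comment suggests is the GKI case, and nothing in the hunk records that the check was skipped, so an operator seeing init_second_stage_executed stay false has no log entry explaining why. A comment on the changed line, `/* envp may be NULL on GKI (see header comment); the Android 8~9 path is then skipped */`, plus a `pr_info` on the NULL path would make the limitation visible rather than implicit. The pointer test only covers envp itself; whether `*envp` is safe to pass to count() on the paths where envp is non-NULL is not visible here and should be confirmed against the callers. The else-if chain and ksu_handle_execveat_ksud continue outside the hunk in both directions.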