A cosmetic edit led to an incomplete fix for the Spectre vulnerability in the Linux kernel.

The developers of the Grsecurity project shared a cautionary tale showing how careless removal of compiler warnings can introduce vulnerabilities into code. At the end of May, a fix was proposed for the Linux kernel to close a new vector for exploiting the Spectre vulnerability through the ptrace system call.

While testing the patch, the developers noticed that the compiler emitted a warning during the build about mixing code and declarations (the structure was declared after code that assigns a value to an existing variable):

int index = n;
if (n < HBP_NUM) {
    index = array_index_nospec(index, HBP_NUM);
    struct perf_event *bp = thread->ptrace_bps[index];

Linus accepted the fix into his master branch, getting rid of the warning by moving the variable definition into the if block:

if (n < HBP_NUM) {
    int index = array_index_nospec(n, HBP_NUM);
    struct perf_event *bp = thread->ptrace_bps[index];

In July, the fix was also backported to the stable 4.4, 4.9, 4.14, 4.19 and 5.2 kernel branches. The stable maintainers ran into the same warning and, instead of checking whether it had already been fixed in Linus's master branch, fixed it themselves. The problem is that, without much thought, they simply moved the structure definition up, so that the array_index_nospec call, which is what directly provides the protection against the vulnerability, is no longer applied when the structure is defined, and the unmodified value of "n" is always used instead of the sanitized "index":

int index = n;
if (n < HBP_NUM) {
    struct perf_event *bp = thread->ptrace_bps[index];
    index = array_index_nospec(index, HBP_NUM);
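
The ordering difference above, modelled in userspace C as an added example (not the kernel's or Grsecurity's code). The masking helper is a portable stand-in for array_index_nospec, HBP_NUM = 4 is an assumed value, and the `n < HBP_NUM` branch is left out on purpose to represent a mispredicted bounds check.

```c
#include <limits.h>
#include <stdio.h>

#define HBP_NUM   4UL   /* assumed slot count for this sketch */
#define LONG_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Branchless mask: all ones when index < size, zero otherwise.
 * Userspace stand-in for the kernel helper; valid for size <= LONG_MAX. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    unsigned long top = (index | (size - 1UL - index)) >> (LONG_BITS - 1);
    return top - 1UL;
}

static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Mainline ordering: clamp first, then load. Returns the index that
 * would feed the ptrace_bps[] load if the bounds check is bypassed. */
unsigned long load_index_mainline(unsigned long n)
{
    unsigned long index = index_nospec(n, HBP_NUM);
    return index;                          /* bp = ptrace_bps[index] */
}

/* Stable backport ordering: load first, clamp afterwards. */
unsigned long load_index_backport(unsigned long n)
{
    unsigned long index = n;
    unsigned long used = index;            /* bp = ptrace_bps[index] */
    index = index_nospec(index, HBP_NUM);  /* too late for the load */
    (void)index;
    return used;
}

int main(void)
{
    unsigned long n;
    for (n = 0; n < 7; n++)
        printf("n=%lu mainline=%lu backport=%lu\n",
               n, load_index_mainline(n), load_index_backport(n));
    return 0;
}
```

For in-range values both orderings agree, which is why the backport compiles cleanly and passes functional testing; only an out-of-range `n` on the bypassed-check path shows the difference.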

Source: opennet.ru
