lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 6 May 2008 13:27:37 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Greg KH <gregkh@...e.de>
cc:	OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>,
	Yinghai Lu <yhlu.kernel@...il.com>,
	Ingo Molnar <mingo@...e.hu>, Len Brown <lenb@...nel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	linux-acpi <linux-acpi@...r.kernel.org>
Subject: Re: acpi_cpu_freq_init warning...



On Tue, 6 May 2008, Greg KH wrote:

> On Wed, May 07, 2008 at 04:02:53AM +0900, OGAWA Hirofumi wrote:
> > Linus Torvalds <torvalds@...ux-foundation.org> writes:
> > 
> > > On Tue, 6 May 2008, OGAWA Hirofumi wrote:
> > >> -	if ((drv->entry.next != drv->entry.prev) ||
> > >> +	if ((drv->entry.next != drv->entry.prev) &&
> > >>  	    (drv->entry.next != NULL)) {
> > >
> > > Umm. That code still makes no sense.
> > >
> > > The "drv->entry.next == drv->entry.prev" condition will trigger under 
> > > *three* different circumstances:
> > >
> > >  - next/prev == NULL (uninitialized). Checked for by the explicit check 
> > >    against NULL.
> > >
> > >  - list empty (both next/prev point back to itself), which I assume the 
> > >    check was *meant* for.
> > >
> > >  - list has only *one* entry, when next/prev both point to the list head.
> > >
> > > and I'm pretty damn sure that whoever wrote that code didn't mean that 
> > > last one, but who knows..
> > >
> > > The fact is, looking at next/prev this way is a sure way to have bugs.
> > >
> > > What is that PoS *trying* to test for? I assume it is meant to test for
> > >
> > > 	/* Is the list initialized and non-empty? */
> > > 	if (drv->entry.next && !list_empty(&drv->entry)) {
> > > 		...
> > >
> > > and dammit, just doing it that way is shorter and simpler.
> 
> But I don't think that will work as others have pointed out, this
> structure's list field isn't initialized yet.

Umm. And what do you think the test for drv->entry.next is there for?

Ie the assumption is that it's at least zeroed out, if it's not 
initialized. 

Now, admittedly it could be *total* crud, but if so, I'd seriously suggest 
just fixing the callers, rather than passing totally uninitialized 
structures with random crap in it around.

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ