| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Jul 2009 19:09:09 +0530
From: vimal singh <vimal.newwork@...il.com>
To: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc: Stoyan Gaydarov <sgayda2@...c.edu>, linux-kernel@...r.kernel.org,
David.Woodhouse@...el.com, sr@...x.de, kay.sievers@...y.org,
gregkh@...e.de, linux-mtd@...ts.infradead.org
Subject: Re: [PATCH] [mtd] fixed faulty check
On Thu, Jul 30, 2009 at 6:33 PM, Sebastian Andrzej
Siewior<bigeasy@...utronix.de> wrote:
> Stoyan Gaydarov wrote:
>>
>> Resubmit of a patch with some additions, see
>> http://lkml.org/lkml/2009/7/30/97
>>
> Please add a description of the path here. That's the place where people
> are looking for them. The link might be a an additional reference.
>
>> Signed-off-by: Stoyan Gaydarov <sgayda2@...c.edu>
>> ---
>> drivers/mtd/maps/physmap_of.c | 3 ++-
>> 1 files changed, 2 insertions(+), 1 deletions(-)
>>
>> diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c
>> index 39d357b..e7ab5f0 100644
>> --- a/drivers/mtd/maps/physmap_of.c
>> +++ b/drivers/mtd/maps/physmap_of.c
>> @@ -215,7 +215,8 @@ static int __devinit of_flash_probe(struct of_device
>> *dev,
>> goto err_out;
>> mtd_list = kzalloc(sizeof(struct mtd_info) * count, GFP_KERNEL);
>> - if (!info)
>> + if (!mtd_list)
>> + kfree(info);
>> goto err_out;
What if you go to 'err_out' due to some other error?? Do not you need
to free 'info'?
So, better free it in at the label.
Currently label is like below, which is again incorrect.
-----code snippet (line 339)-----
err_out:
kfree(mtd_list);
of_flash_remove(dev);
-------------------------------------------
Think about when you get jump to this label even before 'mtd_list' is
allocated. This is the scenario of null pointer dereferencing.
So, this requires two separate labels:
-one label for errors which occur before 'mtd_list' memory allocation
-and, another for then onward errors
something like below:
err_out2:
kfree(info);
kfree(mtd_list);
err_out1:
of_flash_remove(dev);
-vimal
>
> This is not python, you have to be explicit about braces. Now your code
> looks like this:
>
> mtd_list = kzalloc(sizeof(struct mtd_info) * count, GFP_KERNEL);
> if (!mtd_list)
> kfree(info);
> goto err_out;
>>
>> dev_set_drvdata(&dev->dev, info);
>
>
> Sebastian
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
---
Regards,
\/ | |\/| /-\ |_
____ __o
------ -\<,
----- ( )/ ( )
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists