| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Aug 2011 22:52:35 +0100 From: Anton Altaparmakov <anton@...era.com> To: Jesper Juhl <jj@...osbits.net> Cc: linux-kernel@...r.kernel.org, linux-ntfs-dev@...ts.sourceforge.net Subject: Re: [PATCH 0/3] make ntfs_free() NULL safe Hi, On 19 Aug 2011, at 22:30, Jesper Juhl wrote: > Here's a small series of patches that make it safe to call ntfs_free() > with a NULL pointer and reaps some bennefits from that. > > The first patch in the series simply makes ntfs_free() safe to call with a > NULL pointer. This fits with many other kernel freeing functions, that are > generally safe to call with NULL pointers. > > The second patch adds some documentation to ntfs_free() similar to what's > already provided for the allocation functions. ntfs_free() is fairly > simple so you could argue that such documentation is not really needed, > but I say it's still nice to have if for no other reason than > completeness. > > The third patch removes a number of tests for NULL pointers before calls > to ntfs_free() that patch 1 make redundant. Patches look fine. Feel free to add my Acked-by: Anton Altaparmakov <anton@...era.com> and to send them to Linus for inclusion… > This whole things came about because Coverity Prevent spotted that in > fs/ntfs/runlist.c on line 967 we call ntfs_runlists_merge() which frees > its second argument and we then explicitly free that argument via > ntfs_free() again on line 970. This patch series also makes that a non > issue. Ah but Coverity Prevent is incorrect in its spotting! Have a look yourself! ntfs_runlists_merge() _ONLY_ frees its second argument if it returns success. If it returns error it does _NOT_ free its second argument! And line 970 is _ONLY_ executed if ntfs_runlists_merge() returned error, i.e. in the case that the second argument was _NOT_ freed. If the argument was freed, ntfs_runlists_merge() would have returned success, and then line 970 would never have been reached… So I am afraid this is a bug in Coverity Prevent rather than in NTFS. (-: Best regards, Anton -- Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @) Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK Linux NTFS maintainer, http://www.linux-ntfs.org/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists