lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.61.0610222306240.22903@yvahk01.tjqt.qr>
Date:	Sun, 22 Oct 2006 23:09:35 +0200 (MEST)
From:	Jan Engelhardt <jengelh@...ux01.gwdg.de>
To:	Pekka Enberg <penberg@...helsinki.fi>
cc:	Amit Choudhary <amit2030@...oo.com>, linux-kernel@...r.kernel.org
Subject: Re: Hopefully, kmalloc() will always succeed, but if it doesn't
 then....


>> So, if memory allocation to 'a' fails, it is going to kfree 'b'. But since
>> 'b'
>> is not initialized, kfree may crash (unless DEBUG is defined).

... in which case we will be notified:

$ cat test.c
#include <linux/slab.h>

void func(void) {
    char *a, *b;
    if((a = kmalloc(10, GFP_KERNEL)) == NULL)
        goto err;
    if((b = kmalloc(10, GFP_KERNEL)) == NULL)
        goto err;

 err:
    kfree(a);
    kfree(b);
    return;
}

$ make -C /erk/kernel/linux-2.6.19-rc2 M=$PWD
  CC [M]  /dev/shm/test.o
/dev/shm/test.c: In function ‘func’:
/dev/shm/test.c:4: warning: ‘b’ may be used uninitialized in this 
function


Compared to the whole source tree, the kernel has very few "may be 
uninitialized" spots. And stochastically, it is quite unlikely that all 
of them are caused by a construct like the above.


>> I have seen the same case at many places when allocating in a loop.
>
> So you found a bug. Why not send a patch to fix it?


	-`J'
-- 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ