| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Oct 2006 23:09:35 +0200 (MEST)
From: Jan Engelhardt <jengelh@...ux01.gwdg.de>
To: Pekka Enberg <penberg@...helsinki.fi>
cc: Amit Choudhary <amit2030@...oo.com>, linux-kernel@...r.kernel.org
Subject: Re: Hopefully, kmalloc() will always succeed, but if it doesn't
then....
>> So, if memory allocation to 'a' fails, it is going to kfree 'b'. But since
>> 'b'
>> is not initialized, kfree may crash (unless DEBUG is defined).
... in which case we will be notified:
$ cat test.c
#include <linux/slab.h>
void func(void) {
char *a, *b;
if((a = kmalloc(10, GFP_KERNEL)) == NULL)
goto err;
if((b = kmalloc(10, GFP_KERNEL)) == NULL)
goto err;
err:
kfree(a);
kfree(b);
return;
}
$ make -C /erk/kernel/linux-2.6.19-rc2 M=$PWD
CC [M] /dev/shm/test.o
/dev/shm/test.c: In function ‘func’:
/dev/shm/test.c:4: warning: ‘b’ may be used uninitialized in this
function
Compared to the whole source tree, the kernel has very few "may be
uninitialized" spots. And stochastically, it is quite unlikely that all
of them are caused by a construct like the above.
>> I have seen the same case at many places when allocating in a loop.
>
> So you found a bug. Why not send a patch to fix it?
-`J'
--
Powered by blists - more mailing lists