| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200701092257.l09MvM82029636@turing-police.cc.vt.edu>
Date: Tue, 09 Jan 2007 17:57:22 -0500
From: Valdis.Kletnieks@...edu
To: Amit Choudhary <amit2030@...oo.com>
Cc: Pekka Enberg <penberg@...helsinki.fi>,
Hua Zhong <hzhong@...il.com>,
Christoph Hellwig <hch@...radead.org>,
Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] include/linux/slab.h: new KFREE() macro.
On Tue, 09 Jan 2007 11:02:35 PST, Amit Choudhary said:
> Correct. And doing kfree(x); x=NULL; is not hiding that. These issues can still be debugged by
> using the slab debugging options. One other benefit of doing this is that if someone tries to
> access the same memory again using the variable 'x', then he will get an immediate crash. And the
> problem can be solved immediately, without using the slab debugging options. I do not yet
> understand how doing this hides the bugs, obfuscates the code, etc. because I haven't seen an
> example yet, but only blanket statements.
char *broken() {
char *x, *y;
x = kmalloc(100);
y = x;
kfree(x);
x = NULL;
return y;
}
Setting x to NULL doesn't do anything to fix the *real* bug here, because
the problematic reference is held in y, not x. So you never get a crash
because somebody dereferences x.
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists