| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080706132302.5ca87f4f@infradead.org>
Date: Sun, 6 Jul 2008 13:23:02 -0700
From: Arjan van de Ven <arjan@...radead.org>
To: linux-kernel@...r.kernel.org, Al Viro <viro@...IV.linux.org.uk>
Cc: akpm@...ux-foundation.org
Subject: Kernel oops (bug) in fs/buffers.c:create_empty_buffers
Hi,
caught this one on kerneloops.org:
http://www.kerneloops.org/searchweek.php?search=create_empty_buffers
void create_empty_buffers(struct page *page,
unsigned long blocksize, unsigned long b_state)
{
struct buffer_head *bh, *head, *tail;
head = alloc_page_buffers(page, blocksize, 1);
bh = head;
do {
bh->b_state |= b_state;
tail = bh;
bh = bh->b_this_page;
} while (bh);
turns out, alloc_page_buffers() can fail and return NULL (for AIO for
example)... yet this code blindly dereferences the result, getting a
predictable NULL pointer fault.
It's not directly clear what to do about... make this function return
the failure to the caller?
--
If you want to reach me at my work email, use arjan@...ux.intel.com
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists