[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <82e4877d0907121454l6d19f739t26d37b8f275250ad@mail.gmail.com>
Date: Sun, 12 Jul 2009 17:54:28 -0400
From: Parag Warudkar <parag.warudkar@...il.com>
To: Jiri Slaby <jirislaby@...il.com>
Cc: linux-kernel@...r.kernel.org, thomas@...3r.de, sds@...ho.nsa.gov,
jmorris@...ei.org, eparis@...isplace.org
Subject: Re: 2.6.31-rc2: BUG: unable to handle kernel NULL pointer dereference
On Sun, Jul 12, 2009 at 4:26 PM, Jiri Slaby<jirislaby@...il.com> wrote:
> On 07/12/2009 07:30 PM, Parag Warudkar wrote:
>> static void selinux_write_opts(struct seq_file *m,
>> 1012 struct security_mnt_opts *opts)
>> 1013 {
>> 1014 int i;
>> 1015 char *prefix;
>> 1016
>> 1017 for (i = 0; i < opts->num_mnt_opts; i++) {
>> 1018 char *has_comma;
>> 1019
>> 1020 if (opts->mnt_opts[i])
>> 1021 has_comma = strchr(opts->mnt_opts[i], ',');
>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>> And that is a NULL pointer dereference - but we just checked for
>> opts->mnt_opts[i] for not NULL.
>
> Note, that there is not a NULL dereference. It dereferences 0x40 which
> came in as %rdi. Looks like somebody assigned garbage in there.
Ah right - anything < PAGE_SIZE is "NULL" dereference to the kernel.
Thanks
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists