lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200302125805.GB204976@krava>
Date:   Mon, 2 Mar 2020 13:58:05 +0100
From:   Jiri Olsa <jolsa@...hat.com>
To:     Jann Horn <jannh@...gle.com>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Namhyung Kim <namhyung@...nel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tools: Fix realloc() use in fdarray__grow()

On Sat, Feb 29, 2020 at 05:26:07PM +0100, Jann Horn wrote:
> If `entries != NULL`, then `fda->entries` has been freed, so whatever
> happens afterwards, we must store `entries` in `fda->entries`.
> If we bail out at the second realloc(), the new allocation will be bigger
> than what fda->nr_alloc says, but that's fine.
> 
> Fixes: 2171a9256862 ("tools lib fd array: Allow associating an integer cookie with each entry")
> Signed-off-by: Jann Horn <jannh@...gle.com>
> ---
> To the maintainer:
> I'm not sure about the etiquette for using CC stable in
> patches for somewhat theoretical issues in userland tools;
> feel free to tack a CC stable onto this if you think it
> should go into stable.
> 
>  tools/lib/api/fd/array.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/tools/lib/api/fd/array.c b/tools/lib/api/fd/array.c
> index 58d44d5eee31..acf8eca1a94a 100644
> --- a/tools/lib/api/fd/array.c
> +++ b/tools/lib/api/fd/array.c
> @@ -27,15 +27,13 @@ int fdarray__grow(struct fdarray *fda, int nr)
>  
>  	if (entries == NULL)
>  		return -ENOMEM;
> +	fda->entries = entries;
>  
>  	priv = realloc(fda->priv, psize);
> -	if (priv == NULL) {
> -		free(entries);

so we are sure we always call fdarray__exit even
if we fail in here?  if that's the case then

Acked-by: Jiri Olsa <jolsa@...hat.com>

thanks,
jirka

> +	if (priv == NULL)
>  		return -ENOMEM;
> -	}
>  
>  	fda->nr_alloc = nr_alloc;
> -	fda->entries  = entries;
>  	fda->priv     = priv;
>  	return 0;
>  }
> -- 
> 2.25.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ