lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAG48ez2x4=Vh0Rvt-HWtWLGenqbNWfto_SHrz3V=DPsnyexTvQ@mail.gmail.com>
Date:   Mon, 2 Mar 2020 15:54:15 +0100
From:   Jann Horn <jannh@...gle.com>
To:     Jiri Olsa <jolsa@...hat.com>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Namhyung Kim <namhyung@...nel.org>,
        kernel list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] tools: Fix realloc() use in fdarray__grow()

On Mon, Mar 2, 2020 at 1:58 PM Jiri Olsa <jolsa@...hat.com> wrote:
> On Sat, Feb 29, 2020 at 05:26:07PM +0100, Jann Horn wrote:
> > If `entries != NULL`, then `fda->entries` has been freed, so whatever
> > happens afterwards, we must store `entries` in `fda->entries`.
> > If we bail out at the second realloc(), the new allocation will be bigger
> > than what fda->nr_alloc says, but that's fine.
> >
> > Fixes: 2171a9256862 ("tools lib fd array: Allow associating an integer cookie with each entry")
> > Signed-off-by: Jann Horn <jannh@...gle.com>
> > ---
> > To the maintainer:
> > I'm not sure about the etiquette for using CC stable in
> > patches for somewhat theoretical issues in userland tools;
> > feel free to tack a CC stable onto this if you think it
> > should go into stable.
> >
> >  tools/lib/api/fd/array.c | 6 ++----
> >  1 file changed, 2 insertions(+), 4 deletions(-)
> >
> > diff --git a/tools/lib/api/fd/array.c b/tools/lib/api/fd/array.c
> > index 58d44d5eee31..acf8eca1a94a 100644
> > --- a/tools/lib/api/fd/array.c
> > +++ b/tools/lib/api/fd/array.c
> > @@ -27,15 +27,13 @@ int fdarray__grow(struct fdarray *fda, int nr)
> >
> >       if (entries == NULL)
> >               return -ENOMEM;
> > +     fda->entries = entries;
> >
> >       priv = realloc(fda->priv, psize);
> > -     if (priv == NULL) {
> > -             free(entries);
>
> so we are sure we always call fdarray__exit even
> if we fail in here?  if that's the case then
>
> Acked-by: Jiri Olsa <jolsa@...hat.com>

Ugh... actually, no, at least fdarray__new() does a plain free().
While other places like FDA_ADD use fdarray_delete()...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ