| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210626231423.GA38365@macbook.musicnaut.iki.fi>
Date: Sun, 27 Jun 2021 02:14:23 +0300
From: Aaro Koskinen <aaro.koskinen@....fi>
To: Pavel Skripkin <paskripkin@...il.com>
Cc: gustavoars@...nel.org, sam@...nborg.org, tomi.valkeinen@...com,
linux-omap@...r.kernel.org, linux-fbdev@...r.kernel.org,
dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH] OMAP: DSS2: OMAPFB: fix potential GPF
Hi,
On Sat, Jun 26, 2021 at 01:33:23AM +0300, Pavel Skripkin wrote:
> In case of allocation failures, all code paths was jumping
> to this code:
>
> err:
> kfree(fbi);
> kfree(var);
> kfree(fbops);
>
> return r;
>
> Since all 3 pointers placed on stack and don't initialized, they
> will be filled with some random values, which leads to
> deferencing random pointers in kfree(). Fix it by rewriting
> error handling path.
They are initialized before the first goto:
[...]
fbi = NULL;
var = NULL;
fbops = NULL;
fbi = kzalloc(sizeof(*fbi), GFP_KERNEL);
if (fbi == NULL) {
r = -ENOMEM;
goto err;
}
[...]
A.
Powered by blists - more mailing lists