| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210627114816.5e9d042b@gmail.com>
Date: Sun, 27 Jun 2021 11:48:16 +0300
From: Pavel Skripkin <paskripkin@...il.com>
To: Aaro Koskinen <aaro.koskinen@....fi>
Cc: gustavoars@...nel.org, sam@...nborg.org, tomi.valkeinen@...com,
linux-omap@...r.kernel.org, linux-fbdev@...r.kernel.org,
dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH] OMAP: DSS2: OMAPFB: fix potential GPF
On Sun, 27 Jun 2021 02:14:23 +0300
Aaro Koskinen <aaro.koskinen@....fi> wrote:
> Hi,
>
> On Sat, Jun 26, 2021 at 01:33:23AM +0300, Pavel Skripkin wrote:
> > In case of allocation failures, all code paths was jumping
> > to this code:
> >
> > err:
> > kfree(fbi);
> > kfree(var);
> > kfree(fbops);
> >
> > return r;
> >
> > Since all 3 pointers placed on stack and don't initialized, they
> > will be filled with some random values, which leads to
> > deferencing random pointers in kfree(). Fix it by rewriting
> > error handling path.
>
> They are initialized before the first goto:
>
> [...]
> fbi = NULL;
> var = NULL;
> fbops = NULL;
>
> fbi = kzalloc(sizeof(*fbi), GFP_KERNEL);
> if (fbi == NULL) {
> r = -ENOMEM;
> goto err;
> }
> [...]
>
Hi!
Im sorry for this, I should not stay to late night reviewing the code
next time :(
With regards,
Pavel Skripkin
Powered by blists - more mailing lists