| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Feb 2023 13:39:48 -0800
From: Brian Norris <briannorris@...omium.org>
To: Zheng Hacker <hackerzheng666@...il.com>
Cc: Zheng Wang <zyytlz.wz@....com>, ganapathi017@...il.com,
alex000young@...il.com, amitkarwar@...il.com,
sharvari.harisangam@....com, huxinming820@...il.com,
kvalo@...nel.org, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mwifiex: Fix use-after-free bug due to race condition
between main thread thread and timer thread
On Fri, Feb 24, 2023 at 02:17:59PM +0800, Zheng Hacker wrote:
> This email is broken for the statement is too long, Here is the newest email.
It still wraps a bit weird, but it's good enough I suppose.
> retn -EINPROGRESS in mwifiex_init_fw
> mwifiex_free_adapter when in error
These two statements don't connect. _mwifiex_fw_dpc() only treats -1 as
a true error; -EINPROGRESS is treated as success, such that we continue
to wait for the command response. Now, we might hang here if that
response doesn't come, but that's a different problem...
I'm sure there are true bugs in here somewhere, but I've spent enough
time reading your incorrect reports and don't plan to spend more. (If
you're lucky, maybe you can pique my curiosity again, but don't count on
it.)
Regards,
Brian
Powered by blists - more mailing lists