| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 31 Dec 2023 10:38:10 +0100 From: Markus Elfring <Markus.Elfring@....de> To: kernel-janitors@...r.kernel.org, Ahelenia ZiemiaĆska <nabijaczleweli@...ijaczleweli.xyz>, Andrew Morton <akpm@...ux-foundation.org>, Li kunyu <kunyu@...china.com>, Michal Hocko <mhocko@...e.com>, Sebastian Reichel <sebastian.reichel@...labora.com>, Suren Baghdasaryan <surenb@...gle.com>, Zhang Zhengming <zhang.zhengming@....com>, Zhou Kete <zhou.kete@....com> Cc: LKML <linux-kernel@...r.kernel.org> Subject: [PATCH] kernel: relay: Improve exception handling in relay_create_buf() From: Markus Elfring <elfring@...rs.sourceforge.net> Date: Sun, 31 Dec 2023 10:26:25 +0100 The kfree() function was called in one case by the relay_create_buf() function during error handling even if the passed data structure member contained a null pointer. This issue was detected by using the Coccinelle software. Thus use another label. Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net> --- kernel/relay.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/relay.c b/kernel/relay.c index a8e90e98bf2c..b8c06305213d 100644 --- a/kernel/relay.c +++ b/kernel/relay.c @@ -161,14 +161,15 @@ static struct rchan_buf *relay_create_buf(struct rchan *chan) buf->start = relay_alloc_buf(buf, &chan->alloc_size); if (!buf->start) - goto free_buf; + goto free_padding; buf->chan = chan; kref_get(&buf->chan->kref); return buf; -free_buf: +free_padding: kfree(buf->padding); +free_buf: kfree(buf); return NULL; } -- 2.43.0
Powered by blists - more mailing lists