lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 17 May 2024 19:51:08 +0200
From: Takashi Iwai <tiwai@...e.de>
To: Yunseong Kim <yskelg@...il.com>
Cc: Takashi Iwai <tiwai@...e.de>,
	Jaroslav Kysela <perex@...ex.cz>,
	skhan@...uxfoundation.org,
	Bjorn Helgaas <helgaas@...nel.org>,
	linux-kernel-mentees@...ts.linuxfoundation.org,
	Austin Kim <austindh.kim@...il.com>,
	shjy180909@...il.com,
	linux-sound@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] line6: add midibuf init failure handling in line6_init_midi()

On Fri, 17 May 2024 19:10:44 +0200,
Yunseong Kim wrote:
> 
> On 5/17/24 5:32 ¿ÀÈÄ, Takashi Iwai wrote:
> > The allocated object is already freed by snd_line6_midi_free() that is
> > called via rawmidi private_free at its destruction.  So your change
> > would lead to a double-free.
> > 
> > 
> > thanks,
> > 
> > Takashi
> 
> Thanks for the review Takashi.
> 
> I have one question:
> 
> line6_midibuf_destroy() have no NULL check for the memory to free.
> 
> If line6midi->midibuf_in is in this->buf = NULL from
> line6_midibuf_init() with memory allocation failed,
> won't the free(NULL) when accessed by snd_line6_midi_free() to
> line6_midibuf_destroy()?

free(NULL) is fine, it's defined to be noop.
Many codes just call free() unconditionally for that, as it reduces
the code size.


thanks,

Takashi

> In the first patch, I was making a misunderstanding
> Now that you mention it, I can see where it's freeing!
> It helped me a lot in analyzing the driver code.
> 
> Please let me know if I've misunderstood anything.
> 
> Warm Regards,
> Yunseong Kim
> 
> >> ---
> >>  sound/usb/line6/midi.c | 9 +++++++--
> >>  1 file changed, 7 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/sound/usb/line6/midi.c b/sound/usb/line6/midi.c
> >> index 0838632c788e..abcf58f46673 100644
> >> --- a/sound/usb/line6/midi.c
> >> +++ b/sound/usb/line6/midi.c
> >> @@ -283,13 +283,18 @@ int line6_init_midi(struct usb_line6 *line6)
> >>  
> >>  	err = line6_midibuf_init(&line6midi->midibuf_in, MIDI_BUFFER_SIZE, 0);
> >>  	if (err < 0)
> >> -		return err;
> >> +		goto error;
> >>  
> >>  	err = line6_midibuf_init(&line6midi->midibuf_out, MIDI_BUFFER_SIZE, 1);
> >>  	if (err < 0)
> >> -		return err;
> >> +		goto error;
> >>  
> >>  	line6->line6midi = line6midi;
> >>  	return 0;
> >> +
> >> +error:
> >> +	kfree(line6midi);
> >> +	return err;
> >> +
> >>  }
> >>  EXPORT_SYMBOL_GPL(line6_init_midi);
> >> -- 
> >> 2.34.1
> >>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ