| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Jun 2024 17:37:49 +0200 From: Markus Elfring <Markus.Elfring@....de> To: Yunseong Kim <yskelg@...il.com>, linux-s390@...r.kernel.org, Alexander Gordeev <agordeev@...ux.ibm.com>, Christian Bornträger <borntraeger@...ux.ibm.com>, Harald Freudenberger <freude@...ux.ibm.com>, Heiko Carstens <hca@...ux.ibm.com>, Sven Schnelle <svens@...ux.ibm.com>, Vasily Gorbik <gor@...ux.ibm.com> Cc: LKML <linux-kernel@...r.kernel.org>, MichelleJin <shjy180909@...il.com> Subject: Re: [PATCH] s390/raw3270: Handle memory allocation failures in raw3270_setup_console() > This patch handle potential null pointer dereference in > 'raw3270_setup_device()', When 'raw3270_setup_console()' fails to > allocate memory for 'rp' or 'ascebc'. 1. Can a wording approach (like the following) be a better change description? A null pointer is stored in a local variable after a call of the function “kzalloc” failed. This pointer was passed to a subsequent call of the function “raw3270_setup_device” where an undesirable dereference will be performed then. Thus add corresponding return value checks. 2. Would you like to add any tags (like “Fixes”) accordingly? 3. The allocated two memory areas are immediately overwritten by the called function. Can zero-initialisation be omitted by calling the function “kmalloc” instead? 4. Under which circumstances will development interests grow for increasing the application of scope-based resource management? https://elixir.bootlin.com/linux/v6.10-rc4/source/include/linux/cleanup.h#L8 Regards, Markus
Powered by blists - more mailing lists