lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20240926082251.5jacwNgE@linutronix.de>
Date: Thu, 26 Sep 2024 10:22:51 +0200
From: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To: Mikhail Arkhipov <m.arhipov@...a.ru>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Uwe Kleine-König <u.kleine-koenig@...gutronix.de>,
	Felipe Balbi <balbi@...com>, Mike Frysinger <vapier@...too.org>,
	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
	lvc-project@...uxtesting.org
Subject: Re: [PATCH v2] usb: gadget: r8a66597-udc: Fix double free in
 r8a66597_probe

On 2024-09-23 23:20:19 [+0300], Mikhail Arkhipov wrote:
> The function r8a66597_free_request is already called in the err_add_udc
> block, and freeing r8a66597->ep0_req twice may lead to a double free error.
> 
> If the probe process fails and the r8a66597_probe function subsequently
> goes through its error handling path. Since r8a66597_free_request is called
> multiple times in different error handling sections, it leads to an attempt
> to free the same memory twice.
> 
> Remove the redundant call to r8a66597_free_request in the clean_up2 block.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 0f91349b89f3 ("usb: gadget: convert all users to the new udc infrastructure")
> Signed-off-by: Mikhail Arkhipov <m.arhipov@...a.ru>

Reviewed-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>

Sebastian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ