| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b25c3fa70711260253we514310g2652d40440dc514e@mail.gmail.com> Date: Mon, 26 Nov 2007 19:53:19 +0900 From: "Joonwoo Park" <joonwpark81@...il.com> To: "Robert P. J. Day" <rpjday@...shcourse.ca> Cc: netdev@...r.kernel.org, chas@....nrl.navy.mil, linux-kernel@...r.kernel.org Subject: Re: [PATCH 4/4] atm/ambassador: kmalloc + memset conversion to kzalloc 2007/11/26, Robert P. J. Day <rpjday@...shcourse.ca>: > i realized that. but all you can say is that only amb_init() calls > setup_dev() *currently*. when you're not looking, someone else might > (for whatever reason) call setup_dev() from elsewhere, and *that* call > might not zero that memory area. > > IMHO, the only safe transforms of kmalloc+memset -> kzalloc are those > in which the flow of control is unmistakable and invariant. splitting > that across a function call seems like a dangerous thing to do. > (except, of course, in the case, where the kzalloc() is added inside > the function -- then all callers are entitled to simplify *their* > code. but that's different.) > > in any event, i just thought i'd point it out. if you're absolutely > sure there will never be another call to setup_dev() from somewhere > else, then, yes, it's safe. > I understood your opinions. and partially agree with you. But isn't it a unfounded fear? Thanks Joonwoo - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists