Thread (3 messages), 2 authors, 2021-06-27

Re: [PATCH] OMAP: DSS2: OMAPFB: fix potential GPF

From: Pavel Skripkin <hidden>
Date: 2021-06-27 08:48:32
Also in: dri-devel, linux-fbdev, linux-omap, lkml

On Sun, 27 Jun 2021 02:14:23 +0300
Aaro Koskinen [off-list ref] wrote:
> Hi,
>
> On Sat, Jun 26, 2021 at 01:33:23AM +0300, Pavel Skripkin wrote:
> > In case of allocation failures, all code paths were jumping
> > to this code:
> >
> > err:
> > 	kfree(fbi);
> > 	kfree(var);
> > 	kfree(fbops);
> >
> > 	return r;
> >
> > Since all 3 pointers are placed on the stack and are not initialized, they
> > will be filled with some random values, which leads to
> > dereferencing random pointers in kfree(). Fix it by rewriting
> > the error handling path.
>
> They are initialized before the first goto:
>
> [...]
> 	fbi = NULL;
> 	var = NULL;
> 	fbops = NULL;
>
> 	fbi = kzalloc(sizeof(*fbi), GFP_KERNEL);
> 	if (fbi == NULL) {
> 		r = -ENOMEM;
> 		goto err;
> 	}
> [...]

Hi!

I'm sorry for this. I should not stay up too late at night reviewing the code
next time :(




With regards,
Pavel Skripkin
_______________________________________________
Linux-kernel-mentees mailing list
Linux-kernel-mentees@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
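
The pattern discussed in this thread, as an added example that is not part of the original messages or the driver's code: a userspace C stand-in in which three pointers are set to NULL before the first goto, so a single err label can free all of them after a failure at any step (kfree(), like free(), does nothing for a NULL argument). The names xzalloc, xfree, setup_three, leaked_blocks and the failure-injection counters are hypothetical helpers constructed for this illustration.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed test hooks (not kernel APIs): fail the Nth allocation, count live blocks. */
static int fail_at = -1;   /* index of the allocation to fail, -1 = never */
static int alloc_calls;    /* allocations attempted in the current run */
static int live_blocks;    /* blocks allocated and not yet freed */

static void *xzalloc(size_t n)
{
	if (alloc_calls++ == fail_at)
		return NULL;               /* injected allocation failure */
	void *p = calloc(1, n);
	if (p)
		live_blocks++;
	return p;
}

static void xfree(void *p)
{
	if (p)                             /* NULL is a no-op, as with kfree() */
		live_blocks--;
	free(p);
}

/* Stand-in for the function's shape: three buffers, one shared err label. */
int setup_three(int fail_index)
{
	char *fbi = NULL, *var = NULL, *fbops = NULL;  /* set before any goto */
	int r = 0;

	fail_at = fail_index;
	alloc_calls = 0;

	fbi = xzalloc(64);
	if (fbi == NULL) { r = -ENOMEM; goto err; }
	var = xzalloc(64);
	if (var == NULL) { r = -ENOMEM; goto err; }
	fbops = xzalloc(64);
	if (fbops == NULL) { r = -ENOMEM; goto err; }

err:    /* pointers never assigned are still NULL here, so every xfree is safe */
	xfree(fbi);
	xfree(var);
	xfree(fbops);
	return r;
}

int leaked_blocks(void) { return live_blocks; }
int main(void) { return (setup_three(1) == -ENOMEM && leaked_blocks() == 0) ? 0 : 1; }
```

Dropping the `= NULL` initializers in setup_three would reproduce the situation the patch description assumed: xfree() would receive indeterminate stack values on the early failure paths.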