On Sun, 27 Jun 2021 02:14:23 +0300
Aaro Koskinen <aaro.koskinen@xxxxxx> wrote:

> Hi,
>
> On Sat, Jun 26, 2021 at 01:33:23AM +0300, Pavel Skripkin wrote:
> > In case of allocation failures, all code paths were jumping
> > to this code:
> >
> > err:
> >     kfree(fbi);
> >     kfree(var);
> >     kfree(fbops);
> >
> >     return r;
> >
> > Since all 3 pointers are placed on the stack and aren't initialized, they
> > will be filled with some random values, which leads to
> > dereferencing random pointers in kfree(). Fix it by rewriting
> > error handling path.
>
> They are initialized before the first goto:
>
>     [...]
>     fbi = NULL;
>     var = NULL;
>     fbops = NULL;
>
>     fbi = kzalloc(sizeof(*fbi), GFP_KERNEL);
>     if (fbi == NULL) {
>         r = -ENOMEM;
>         goto err;
>     }
>     [...]
>

Hi!

I'm sorry for this, I should not stay up too late at night reviewing the code next time :(

With regards,
Pavel Skripkin
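
Added example (not part of the thread and not the driver's code): a userspace C model of the quoted error path, showing that one shared err label is safe at every allocation failure point when the pointers are set to NULL first, because free(NULL), like kfree(NULL), does nothing. The names test_alloc, test_free, setup and the fault-injection counters are hypothetical, and the 64-byte sizes are constructed.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed fault injector: the Nth test_alloc() call fails (0 = never). */
static int fail_at, alloc_calls;
static int live_allocs;            /* allocations not yet freed */

static void *test_alloc(size_t n)
{
    void *p;

    if (++alloc_calls == fail_at)
        return NULL;               /* simulated -ENOMEM condition */
    p = calloc(1, n);
    if (p)
        live_allocs++;
    return p;
}

static void test_free(void *p)
{
    if (p == NULL)                 /* same contract as kfree(NULL): no-op */
        return;
    live_allocs--;
    free(p);
}

/* Hypothetical routine with the shape of the quoted code. */
static int setup(int fail_on_call)
{
    /* The NULL initialisation is what makes the shared label safe. */
    void *fbi = NULL, *var = NULL, *fbops = NULL;
    int r = 0;

    fail_at = fail_on_call;
    alloc_calls = live_allocs = 0;

    if ((fbi = test_alloc(64)) == NULL) { r = -ENOMEM; goto err; }
    if ((var = test_alloc(64)) == NULL) { r = -ENOMEM; goto err; }
    if ((fbops = test_alloc(64)) == NULL) { r = -ENOMEM; goto err; }
    /* Assumption: real code would keep the buffers on success; the model
     * falls through and frees them so it stays leak-free. */
err:
    test_free(fbi);
    test_free(var);
    test_free(fbops);
    return r;
}

int main(void) { return (setup(2) == -ENOMEM && live_allocs == 0) ? 0 : 1; }
```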