Re: [PATCH] Fix use after free warning introduced by gcc 12.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 20, 2023 at 12:56 AM Krishna <chaitanya.mgit@xxxxxxxxx> wrote:
>
> From: krishna T <krishna.t@xxxxxxxxxxxxx>
>
> gcc 12.1 complains about using pointer after realloc as it could
> potentially be moved/freed, causing any uses after UB.
>
> Fix this by storing the pointer before realloc.
>
> Signed-off-by: Krishna T <krishna.t@xxxxxxxxxxxxx>
> ---
>  wpa_supplicant/bss.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
> index 320441426..2484d4e14 100644
> --- a/wpa_supplicant/bss.c
> +++ b/wpa_supplicant/bss.c
> @@ -724,6 +724,7 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
>                 bss->beacon_ie_len = res->beacon_ie_len;
>         } else {
>                 struct wpa_bss *nbss;
> +               struct wpa_bss *old_bss = bss;
>                 struct dl_list *prev = bss->list_id.prev;
>                 dl_list_del(&bss->list_id);
>                 nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
> @@ -731,14 +732,14 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
>                 if (nbss) {
>                         unsigned int i;
>                         for (i = 0; i < wpa_s->last_scan_res_used; i++) {
> -                               if (wpa_s->last_scan_res[i] == bss) {
> +                               if (wpa_s->last_scan_res[i] == old_bss) {
>                                         wpa_s->last_scan_res[i] = nbss;
>                                         break;
>                                 }
>                         }
> -                       if (wpa_s->current_bss == bss)
> +                       if (wpa_s->current_bss == old_bss)
>                                 wpa_s->current_bss = nbss;
> -                       wpa_bss_update_pending_connect(wpa_s, bss, nbss);
> +                       wpa_bss_update_pending_connect(wpa_s, old_bss, nbss);
>                         bss = nbss;
>                         os_memcpy(bss->ies, res + 1,
>                                   res->ie_len + res->beacon_ie_len);
> --
> 2.34.1
The warning is still there, working on it, will send a v2.

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap




[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux